PHP PDO插入方法

Question

我正在使用PDO将表单值插入到带有PDO的mysql数据库中的PHP类方法。这个想法概述如下，但我不知道如何传递方法的第四个参数。有人可以解释如何做到这一点？

谢谢！

<?php 
class Contact { 
    private $DbHost = DB_HOST; 
    private $DbName = DB_NAME; 
    private $DbUser = DB_USER; 
    private $DbPass = DB_PASS; 

    public function MySqlDbInsert($DbTableName, $DbColNames, $DbValues, $DbBindParams){ 
    try{ 
     $dbh = new PDO("mysql:host=$this->DbHost;dbname=$this->DbName",$this->DbUser,$this->DbPass, array(PDO::ATTR_PERSISTENT => true)); 
     $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); 
     $dbh->exec("SET CHARACTER SET utf8"); 

     $sth = $dbh->prepare("INSERT INTO $DbTableName($DbColNames) VALUES ($DbValues)"); 
     // i know this is all wrong ---------------- 
     foreach($DbBindParams as $paramValue){ 
      $sth->bindParam($paramValue); 
     } 
     // ---------------------------------------- 
     $sth->execute(); 
    } 
    catch(PDOException $e){ 
     $this->ResponseMessage(true, 'Database access FAILED!'); 
    } 
} 

$object = new Contact(); 
$object->MySqlDbInsert(
    'DbTableName', 
    'DbColName1, DbColName3, DbColName3', 
    ':DbColValue1, :DbColValue2, :DbColValue3', 
    // this part is all wrong ------------------- 
    array(
    ':DbColValue1', $col1, PDO::PARAM_STR, 
    ':DbColValue2', $col2, PDO::PARAM_STR, 
    ':DbColValue2', $col3, PDO::PARAM_STR 
    ) 
    // ------------------------------------------ 
); 

Answer 1

动态插入PDO我使用下面的函数。

使用这个传递数组格式的值，以功能：

<?php 
class Contact 
{ 
    private $UploadedFiles = ''; 
    private $DbHost = DB_HOST; 
    private $DbName = DB_NAME; 
    private $DbUser = DB_USER; 
    private $DbPass = DB_PASS; 
    private $table; 

    function __construct() 
    { 
     $this->table = strtolower(get_class()); 
    } 

    public function insert($values = array()) 
    { 
     $dbh = new PDO("mysql:host=$this->DbHost;dbname=$this->DbName", $this->DbUser, $this->DbPass, array(PDO::ATTR_PERSISTENT => true)); 
     $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); 
     $dbh->exec("SET CHARACTER SET utf8"); 

     foreach ($values as $field => $v) 
      $ins[] = ':' . $field; 

     $ins = implode(',', $ins); 
     $fields = implode(',', array_keys($values)); 
     $sql = "INSERT INTO $this->table ($fields) VALUES ($ins)"; 

     $sth = $dbh->prepare($sql); 
     foreach ($values as $f => $v) 
     { 
      $sth->bindValue(':' . $f, $v); 
     } 
     $sth->execute(); 
     //return $this->lastId = $dbh->lastInsertId(); 
    } 

} 

并使用它：

$contact = new Contact(); 
$values = array('col1'=>'value1','col2'=>'value2'); 
$contact->insert($values); 

Answer 2

我会使用的阵列。也许是这样的：

public function MySqlDbInsert($DbTableName, $values = array()) 
{ 
    try{ 
     $dbh = new PDO('.....'); 

     // Specify the tables where you can insert 
     $allowedTables = array('table_1', 'table_2', 'table_3'); 

     // Specify allowed column names 
     $allowedColumns = array('age', 'city', 'address'); 

     if (!in_array($DbTableName, $allowedTables)) 
      throw new Exception('Invalid Table Given!'); 

     $columns = array_keys($values); 
     foreach ($columns as $c) 
     { 
      if (!in_array($c, $allowedColumns)) 
       throw new Exception('The column ' . $c. ' is not allowed'); 
     } 

     $sql = 'INSERT INTO ' . $DbTableName; 
     $sql .= '(' . implode(',', $columns) . ') '; 
     $sql .= 'VALUES (' . implode(',', array_fill(0, count($values), '?')) . ')'; 

     $sth = $dbh->prepare($sql); 
     $sth->execute(array_values($values)); 
    } 
    catch(PDOException $e){ 
     $this->ResponseMessage(true, 'Database access FAILED!'); 
    } 
    catch(Exception $e) { $this->ResponseMessage(true, $e->getMessage()); } 
} 

$contact->MySqlDbInsert('table_name', array('colname1' => 'value1', 'colname2' => 'value2', 'colname3' => 'value3')); 

不过，所有的值都会被转义为“PDO :: PARAM_STR”。