<?php

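/**
 * Emulate parameter binding by splicing $var into the $location-th ' ?' placeholder of $sql.
 *
 * This builds SQL as a string: addslashes() is not a charset-aware SQL escape, and a STRING
 * value that itself contains ' ?' is visible to later calls. Use PDO::prepare() with
 * bindValue() for any query carrying request data; this helper is only for templating
 * values the caller already trusts.
 *
 * @param string $sql      query template, rewritten in place
 * @param int    $location 1-based index of the placeholder, counted among those still present
 *                         in $sql (each successful call consumes one)
 * @param mixed  $var      value to splice in
 * @param string $type     'STRING' (quoted + addslashes), 'INT'/'INTEGER' (intval), 'BOOL'
 *                         (rendered as 1/0); any other value is spliced in unchanged
 *
 * @throws InvalidArgumentException when $sql holds fewer than $location ' ?' placeholders
 */
function bindParam(&$sql, $location, $var, $type)
{
    switch ($type) {
        case 'STRING':
            $var = "'" . addslashes($var) . "'";
            break;
        case 'INT':
        case 'INTEGER':
            $var = intval($var);
            break;
        case 'BOOL':
            // boolval() would render false as '' and leave a hole in the query; use 1/0 instead.
            $var = $var ? 1 : 0;
            break;
    }
    // Walk to the $location-th ' ?' (space + question mark). strpos() returns false when the
    // placeholder is missing; fail loudly rather than let an unbound placeholder reach the DB.
    $pos = -1;
    for ($i = 1; $i <= $location; $i++) {
        $pos = strpos($sql, ' ?', $pos + 1);
        if ($pos === false) {
            throw new InvalidArgumentException("placeholder #{$location} not found in SQL template");
        }
    }
    // $pos points at the space; the '?' is the next byte and is the part being replaced.
    // The original located the placeholder but never wrote $var back into $sql.
    $sql = substr($sql, 0, $pos + 1) . $var . substr($sql, $pos + 2);
}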
// Demo: bind an integer and a string into the template, then print the resulting SQL text.
$uid = 10086;
$psw = 'pwfdsd';
$sql = "select * from table where uid= ? and password= ?";
$bindings = [
    [1, $uid, 'INT'],
    [2, $psw, 'STRING'],
];
foreach ($bindings as [$slot, $value, $kind]) {
    bindParam($sql, $slot, $value, $kind);
}
echo $sql;
<?php

/**
 * Created by PhpStorm.
 * User: Administrator
 * Date: 2015/12/28
 * Time: 16:36
 */
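/**
 * Emulate parameter binding by splicing $var into the $location-th '?' placeholder of $sql.
 *
 * This builds SQL as a string: addslashes() is not a charset-aware escape, so it is not a
 * substitute for PDO::prepare() when $var comes from a request. Any $type other than
 * 'INT'/'INTEGER' is handled as 'STRING' (the original switch put default: on that branch).
 *
 * @param string $sql      query template, rewritten in place
 * @param int    $location 1-based index among the placeholders still present in $sql
 *                         (each successful call consumes one)
 * @param mixed  $var      value to splice in
 * @param string $type     'STRING' | 'INT' | 'INTEGER'
 *
 * @throws InvalidArgumentException when $sql holds fewer than $location '?' placeholders
 */
function bindParam(&$sql, $location, $var, $type)
{
    switch ($type) {
        case 'INTEGER':
        case 'INT':
            $var = (int) $var;
            break;
        default:
            $var = "'" . addslashes($var) . "'";
            break;
    }
    // The original matched "? " (with a trailing space), which misses a placeholder at the
    // very end of the template, and on a miss strpos() returned false so the splice landed at
    // offset 1 and corrupted the query. Match the bare '?' and stop on the first miss.
    $pos = -1;
    for ($i = 1; $i <= $location; $i++) {
        $pos = strpos($sql, '?', $pos + 1);
        if ($pos === false) {
            throw new InvalidArgumentException("placeholder #{$location} not found in SQL template");
        }
    }
    // $pos is the '?' itself; replace exactly that one byte.
    $sql = substr($sql, 0, $pos) . $var . substr($sql, $pos + 1);
}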
// Demo: the template keeps a trailing space after the last placeholder.
$uid = 10086;
$pwd = "pwd";
$sql = "SELECT * FROM table WHERE uid = ? AND pwd = ? ";
// Each call rewrites $sql and consumes a placeholder, so both bind slot 1 of what remains.
foreach ([[$uid, 'INT'], [$pwd, 'STRING']] as [$value, $kind]) {
    bindParam($sql, 1, $value, $kind);
}
echo $sql;
// what text to show the user while picking a username,
// and bases its decision on whether or not the desired
// username already exists in the database. Hence, it
// queries the database, and requires 'konfunctions.php'.
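require_once 'konfunctions.php';
// Only execute something if $_POST['user'] is not empty.
if (isset($_POST['user'])) {
    // Remove any security hazards from $_POST['user']
    $user = sanitizeString($_POST['user']);
    /* BEGIN Query 'users' database for a   */
    /* record that contains  $_POST['user]' */
    // Named placeholder :user; the value is bound below, never interpolated into the SQL text.
    $queryUsers = "SELECT * FROM users WHERE user = :user";
    // null = lookup failed, false = no matching row, array = a row was found
    $result = null;
    // try to query the database
    try {
        $query = $konnection->prepare($queryUsers);
        // The original assigned the bare function result to $query ("$query = bindParam(...)"),
        // losing the statement object. bindValue() takes the value directly, and a username is
        // text, so bind it as PDO::PARAM_STR rather than PARAM_INT.
        $query->bindValue(':user', $user, PDO::PARAM_STR);
        $query->execute();
        // fetch() returns a numerically indexed row, or false when nothing matched.
        $result = $query->fetch(PDO::FETCH_NUM);
    } catch (PDOException $e) {
        // Keep driver details out of the response: the original echoed the exception message
        // (and an undefined $sql) to the browser, exposing schema and connection details.
        error_log('username check failed: ' . $e->getMessage());
    }
    /* END Query 'users' database */
    // Check if the query returned any results
    // and return the appropriate response message.
    // A failed lookup must not report the name as available.
    if ($result === null) {
        echo "<font color=red>&nbsp;&larr;\n\t\t  Could not check username, please try again</font>";
    } elseif ($result !== false) {
        echo "<font color=red>&nbsp;&larr;\n\t\t  Sorry, already taken</font>";
    } else {
        echo "<font color=green>&nbsp;&larr;\n\t\t  Username available</font>";
    }
}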
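/**
 * Bind a list of parameters into $sql, one bindParam() call per value.
 *
 * @param string $sql   query template, rewritten in place by bindParam()
 * @param array  $array values in placeholder order; keys are ignored, so an associative array
 *                      works too (the original computed $key + 1, which fails on string keys)
 */
function bindParams(&$sql, $array)
{
    $slot = 0;
    foreach ($array as $value) {
        $slot++;
        // The original passed an always-zero counter ($times) in bindParam()'s $type slot, so
        // every value was bound with type 0. Derive the type name from the PHP value instead.
        // NOTE(review): assumes bindParam() takes a type name ('INT'/'STRING') as its 4th
        // argument — confirm against its signature in this file.
        $type = is_int($value) ? 'INT' : 'STRING';
        bindParam($sql, $slot, $value, $type);
    }
}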
    }
    $pos = 0;
    if (substr_count($sql, '?') < $total) {
        for ($i = 1; $i <= $location - 1; $i++) {
            $pos = strpos($sql, '?', $pos + 1);
        }
        $GLOBALS['total'] = substr_count($sql, '?');
    } else {
        for ($i = 1; $i <= $location; $i++) {
            $pos = strpos($sql, '?', $pos + 1);
        }
    }
    // 替换问号
    return $sql = substr($sql, 0, $pos) . $var . substr($sql, $pos + 1);
}
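// Connection settings. The original kept both the DB password and the demo user's password
// in $pwd, so the second assignment silently overwrote the first; give the credential its own
// name. The charset goes in the DSN so PDO::quote() and the driver use the same encoding as
// the server (SET NAMES only informs the server side), and driver errors become exceptions
// instead of silent false returns.
$dsn = "mysql:host=localhost;dbname=test;charset=utf8";
$user = "******";
$dbPassword = "";
$pdo = new PDO($dsn, $user, $dbPassword, [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,
]);
// Demo values for the hand-rolled bindParam(). It splices values into the SQL text; for real
// queries use $pdo->prepare() and bind the values through PDO instead.
$uid = 10086;
$pwd = "pwd";
$uname = "yaohuang";
$sql = "SELECT*FROM table WHERE uid=? AND uname=? AND pwd=?";
// Number of placeholders in the untouched template, handed to bindParam() as its 5th argument.
$total = substr_count($sql, '?');
echo bindParam($sql, 1, $uid, 'INT', $total);
echo '<br>';
echo bindParam($sql, 2, $uname, 'STRING', $total);
echo '<br>';
echo bindParam($sql, 3, $pwd, 'STRING', $total - 1);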