求一个php的函数,要求:
例如有一条sql语句:delete from plane where name='##';
有一个变量$name=abc;
我希望用abc代替sql语句中的##,
两个参数的同样如此:update plane set type='##' where name='##';
$name1=a,$name2=abc,用这两个变量去代替sql语句中的两个##,
请问这个函数应该怎么写?
例如有一条sql语句:delete from plane where name='##';
有一个变量$name=abc;
我希望用abc代替sql语句中的##,
两个参数的同样如此:update plane set type='##' where name='##';
$name1=a,$name2=abc,用这两个变量去代替sql语句中的两个##,
请问这个函数应该怎么写?
是这样么?
$sql="delete from plane where name='$name';";
$sql="update plane set type='$name1' where name='$name2';"
$sql="delete from plane where name='abc';";
$sql = "update plane set type='##' where name='##' AND (myfield='##' OR myfield='##');";
$name1 = 'a';
$name2 = 'abc';
$name3 = 'ADFADS';
$name4 = '123123';
$id = 1;function replaceSql($m)
{
return $GLOBALS['name' . $GLOBALS['id']++];
}echo preg_replace_callback("/##/", "replaceSql", $sql);
可以直接使用,无需自行编程作为练习,可以这样写
function bindParam($sql) {
if(func_num_args() == 1) return $sql;
$param = func_get_args();
array_shift($param);
return preg_replace("/##/e", 'array_shift($param)', $sql);
}$sql = "delete from plane where name='##'";
$name = 'abc';
echo bindParam($sql, $name); //delete from plane where name='abc'$sql = "update plane set type='##' where name='##'";
$name1 = 'a';
$name2 = 'abc';
echo bindParam($sql, $name1, $name2); //update plane set type='a' where name='abc'
$sql="select * from a where name='%s'";
echo sprintf($sql,mysql_real_escape_string("我是name"));
$sql="select * from a where name='%s'";
echo sprintf($sql,mysql_real_escape_string("我是name"));
echo "<br/>";
$sql="select * from a where name='%d'";
echo sprintf($sql,mysql_real_escape_string("我是name"));
防sql注入...