PHP PDO execute/prepare 似乎不起作用

Question

<?php    
    $abc = $objpdo->prepare("SELECT * FROM testdb.users WHERE user = ':login' AND user_pass=PASSWORD(':password')");
    $abc->bindParam(':login', $_POST['name']);
    $abc->bindParam(':password', $_POST['pw']);    
    $abc->execute(); 
    echo $abc->rowCount();
    // the example above doesn't work rowCount is always 0
    $abc = $objpdo->prepare("SELECT * FROM testdb.users WHERE user = '?' AND user_pass=PASSWORD('?')");
    $abc->execute([$_POST['name'], $_POST['pw']]);
    echo $abc->rowCount();
    // and again rowCount is always 0
    $abc = $objpdo->query("SELECT * FROM testdb.users WHERE user = '".$_POST['name']."' AND user_pass=PASSWORD('".$_POST['pw']."')");
    echo $abc->rowCount();
    // this thing here is working
?>

我在代码中准备好的语句似乎不起作用，奇怪的是，当我尝试运行 query() 时没有准备它，而是直接将值传递给它正在工作的字符串。

请注意，我总是使用现有的 users/passwords 来尝试此代码。

Answer 1

占位符不需要引号，否则查询会将它们视为字符串，而不是占位符。

$abc = $objpdo->prepare("SELECT * FROM testdb.users WHERE user = :login AND user_pass=PASSWORD(:password)");

与序号占位符（问号）相同：

$abc = $objpdo->prepare("SELECT * FROM testdb.users WHERE user = ? AND user_pass=PASSWORD(?)");

PHP PDO execute/prepare 似乎不起作用

PHP PDO execute/prepare doesn't seem to work

php

pdo

execute

prepared-statement

rowcount