PHP 如何拼接 SQL 语句
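// Keep the SQL text constant and pass the value separately. A value glued into
// the string can change the statement itself (SQL injection), and an unquoted
// value such as this id is not protected by quote-escaping either.
// Run it as a prepared statement, e.g. PDO::prepare() with $sql, then
// PDOStatement::execute() with $bind.
$sql = "select * from comment where comment_id = ?";
$bind = array($comment_fid);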
或:
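// Same query written with a named placeholder instead of a positional one.
// The value never becomes part of the SQL text, so a quote character inside it
// cannot end a string literal or alter the statement. Execute through a
// prepared statement, e.g. PDO::prepare() with $sql, then
// PDOStatement::execute() with $bind.
$sql = "select * from comment where comment_id = :comment_id";
$bind = array(':comment_id' => $comment_fid);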
//参数单独传递时
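// One placeholder per column; the values travel in $bind in the same order as
// the column list (dep, fid, name). Concatenating them into the string breaks
// the statement as soon as a value contains a single quote, and lets a
// caller-supplied value rewrite the SQL. Execute through a prepared statement,
// e.g. PDO::prepare() with $sql, then PDOStatement::execute() with $bind.
$sql = "insert into systemfunction (dep, fid, name) values (?, ?, ?)";
$bind = array($dep, $cid, $name);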
//参数作为数组进行传递时
// Build the parameter array in one step from the request fields.
// By default $_REQUEST combines GET, POST and cookie data, so every value
// stored here is caller-controlled and has to be treated as untrusted by
// whatever consumes $params.
$params = array(
    'name'     => $_REQUEST['name'],
    'password' => $_REQUEST['password'],
    'level'    => $_REQUEST['level'],
);
...
/**
 * Builds an INSERT statement for the admin table from the $params array.
 *
 * SECURITY: each $params value is concatenated between single quotes with no
 * escaping or parameter binding. The article fills $params straight from
 * $_REQUEST, so a quote character in any field ends the SQL literal early and
 * the remainder of the value is parsed as SQL (SQL injection). Use a prepared
 * statement with bound parameters instead, e.g. PDO::prepare() followed by
 * PDOStatement::execute(), and keep the SQL text constant.
 *
 * @param array $params Values keyed by column name; 'name', 'password' and
 *                      'level' are the keys read in the visible code.
 */
public static function insert_student($params)
{
// NOTE(review): the column list names 21 columns but only three values are
// supplied; presumably the article shortened the values list. The two counts
// must match or the database rejects the statement.
// NOTE(review): $params['password'] appears to be stored as received; hash it
// with password_hash() before it reaches the database (confirm against the
// elided code).
$sql = "insert into admin (name,password, level, points, skills, projects, number, profile, keyword, time, picture, graduatetime, pageview, graduate, english, age, height, weight, school, region, realname) values ('".$params['name']."', '".$params['password']."', '".$params['level']."')";
....
}
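// The row id is passed as a bound value rather than pasted into the string.
// In a DELETE this matters doubly: a value that alters the WHERE clause changes
// which rows are removed. Execute through a prepared statement, e.g.
// PDO::prepare() with $sql, then PDOStatement::execute() with $bind.
$sql = "delete from systemfunction where id = ?";
$bind = array($id);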
- 更新
和插入一样,分为参数单独传递和参数数组传递两种情况。无论哪种情况,值都应作为绑定参数交给预处理语句,而不是直接拼进 SQL 字符串。
//参数单独传递时
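// Both the new name and the row id are bound values; $bind lists them in the
// order the placeholders appear (name first, then id). Concatenation would
// break on any name containing a single quote and would let a crafted value
// rewrite the SET or WHERE part. Execute through a prepared statement, e.g.
// PDO::prepare() with $sql, then PDOStatement::execute() with $bind.
$sql = "update systemfunction set name = ? where id = ?";
$bind = array($name, $cid);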
//参数作为数组传递
// Gather the fields for the update into a single array literal.
// All three values come from $_REQUEST, i.e. directly from the client, so
// nothing in $params has been validated or escaped at this point.
$params = array(
    'name'     => $_REQUEST['name'],
    'password' => $_REQUEST['password'],
    'level'    => $_REQUEST['level'],
);
...
/**
 * Assembles an UPDATE statement for the admin table from the $params array.
 *
 * The SET list and the WHERE clause are first built as one string
 * ($update_student) and then appended to "update admin set ".
 *
 * SECURITY: every $params value, including the id used in the WHERE clause, is
 * concatenated between single quotes with no escaping or parameter binding.
 * The article fills $params straight from $_REQUEST, so a quote character in
 * any field ends the SQL literal early and the rest of the value is parsed as
 * SQL (SQL injection); in the WHERE clause that can change which rows are
 * updated. Use a prepared statement with bound parameters instead, e.g.
 * PDO::prepare() followed by PDOStatement::execute().
 *
 * @param array $params Values keyed by column name ('name', 'password',
 *                      'level' in the visible code) plus 'id' for the target row.
 */
public static function update_student($params)
{
// NOTE(review): the "..." line below sits inside the string literal; presumably
// it stands for further column assignments the article left out. As written it
// would be sent to the database verbatim.
// NOTE(review): $params['password'] appears to be written as received; hash it
// with password_hash() first (confirm against the elided code).
$update_student = "
name = '".$params['name']."',
password = '".$params['password']."',
level = '".$params['level']."',
...
where id = '".$params['id']."'";
// Prefix the assembled SET/WHERE fragment with the fixed statement head.
$sql = "update admin set ".$update_student;
....
}