使用预处理语句——prepare()方法
1、使用命名参数
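// Open the connection with exceptions enabled, so a failed prepare() or
// execute() cannot pass unnoticed (PHP < 8.0 defaults to silent error mode).
$pdo = new PDO($dsn, $user, $pwd, array(
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
));
// NOTE: some drivers (e.g. pdo_mysql) emulate prepared statements on the
// client by default; set PDO::ATTR_EMULATE_PREPARES to false when real
// server-side prepares are required.

// Named placeholders (:name, :age) stand in for values only. The SQL text is
// a constant string; no data is concatenated into it. Placeholders cannot be
// used for table or column names.
$sql = 'insert into table1 set name=:name,age=:age';

// prepare() returns a PDOStatement, kept here in $result.
$result = $pdo->prepare($sql);

// Execute the prepared statement. Every value passed through the execute()
// array is bound as a string (PDO::PARAM_STR).
$result->execute(array(':name' => 'zhangsan', ':age' => '2'));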
2、使用问号参数
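// Open the connection with exceptions enabled, so a failed prepare() or
// execute() cannot pass unnoticed (PHP < 8.0 defaults to silent error mode).
$pdo = new PDO($dsn, $user, $pwd, array(
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
));
// NOTE: some drivers (e.g. pdo_mysql) emulate prepared statements on the
// client by default; set PDO::ATTR_EMULATE_PREPARES to false when real
// server-side prepares are required.

// Positional (?) placeholders: values are matched to them purely by order,
// so the execute() array must list values in the same order as the SQL.
$sql = "insert into table1 set name=?,age=?";

// prepare() returns a PDOStatement, kept here in $result.
$result = $pdo->prepare($sql);

// Execute the prepared statement. The values travel separately from the SQL
// text and are all bound as strings (PDO::PARAM_STR).
$name = 'zhangsan';
$age = '2';
$result->execute(array($name, $age));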
3、通过bindParam()方法
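// Open the connection with exceptions enabled, so a failed prepare(),
// bindParam() or execute() cannot pass unnoticed (PHP < 8.0 defaults to
// silent error mode).
$pdo = new PDO($dsn, $user, $pwd, array(
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
));
// NOTE: some drivers (e.g. pdo_mysql) emulate prepared statements on the
// client by default; set PDO::ATTR_EMULATE_PREPARES to false when real
// server-side prepares are required.

// The SQL text is a constant string; only the placeholders carry data.
$sql = 'insert into table1 set name=:name,age=:age';

// prepare() returns a PDOStatement, kept here in $result.
$result = $pdo->prepare($sql);

// Bind parameters. bindParam() binds the variable by reference: its value is
// read when execute() runs, not at the time of the bindParam() call, so any
// later reassignment of $name or $age changes what is sent. Use bindValue()
// to bind the current value instead. With no third argument the type is
// PDO::PARAM_STR.
$name = 'zhangsan';
$age = '2';
$result->bindParam(':name', $name);
$result->bindParam(':age', $age);

// Execute the prepared statement with the values bound above.
$result->execute();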