How use an array/implode in the SELECT query PDO

2019-09-03 15:56发布

i have a function that returns user data from the database. But I want to return only the selected row, for instance username, so i created an array for that, giving the option to echo $userdata['anything']. see the code:

$session_user_id = $_SESSION['user_id'];
    $user_data = user_data($session_user_id, 'user_id', 'username', 'password', 'first_name', 'last_name'); } 

and

function user_data($user_id){

$pdo = new PDO("mysql:host=localhost;dbname=MYDATABASE;", "MYUSERNAME", "MYPASSWORD");
$data = array();
$user_id = (int)$user_id;

$func_num_args = func_num_args();
$func_get_args = func_get_args();

if ($func_num_args > 1) {
    unset($func_get_args[0]);
    $fields = '`' . implode(', ', $func_get_args) . '`';
    echo $fields;
    $stmt = $pdo->prepare("SELECT :fields FROM `users` WHERE `user_id` = :user_id");
    $stmt->execute(array(':user_id' => $user_id, ':fields' => $fields));
    $data = $stmt->fetchAll(PDO::FETCH_ASSOC);

    print_r($data);
}
}

The problem is that this doesn't work. It returns

Array ( [0] => Array ( [`user_id, username, password, first_name, last_name`] => `user_id, username, password, first_name, last_name` ) )

However, replacing :fields with for instance 'username' does work. Is it possible to use this implode?

1条回答
贪生不怕死
2楼-- · 2019-09-03 16:49

Change:

$stmt = $pdo->prepare("SELECT :fields FROM `users` WHERE `user_id` = :user_id");

to:

$stmt = $pdo->prepare("SELECT $fields FROM `users` WHERE `user_id` = :user_id");

and remove $fields from the execute parameter array.

Parameterized placeholders are only for values.

UPDATE

Also this line is wrong:

$fields = '`' . implode(', ', $func_get_args) . '`';

This will output a ` outside the the field list rather than each column name.

Try removing them like this:

$fields = implode(', ', $func_get_args);
查看更多
登录 后发表回答