标签:php regex parameterized-query
我正在研究一个简单的SQL调试器,它将接受参数化变量并尝试相应地替换它们,这样如果一个SQL有问题,那么我可以将它直接复制粘贴到我的RDBMS中以处理查询并希望更快地调试问题.
到目前为止我基本上都有这个,但它取代了太多:
<?php
$sql = "select *
from table_name
where comment like :a and
email = :b and
status = :c";
$patterns = array();
$patterns[0] = '/:a/';
$patterns[1] = '/:b/';
$patterns[2] = '/:c/';
$replacements = array();
$replacements[0] = "'%that is a nice :b but this one%'";
$replacements[1] = "'monkeyzeus@example.com'";
$replacements[2] = "'active'";
echo preg_replace($patterns, $replacements, $sql);
导致
select *
from table_name
where comment like '%that is a nice 'monkeyzeus@example.com' but this one%' and
email = 'monkeyzeus@example.com' and
status = 'active'
请注意,位置1的’monkeyzeus@example.com’正在从位置0进入:b.
我已经找到了这个问题,Can preg_replace make multiple search and replace operations in one shot?,但我无法做出正面或反面,因为我当然不是正则表达式专家.
更新.只是想分享最终产品:
function debug_sql($sql = NULL, $params = NULL)
{
return (
$sql !== NULL && is_array($params) && $params ? // $sql and $params is required
strtr( // Feed this function the sql and the params which need to be replaced
$sql,
array_map( // Replace single-quotes within the param items with two single-quotes and surround param in single-quotes
function($p)
{
return "'".str_replace("'", "''", $p)."'"; // Basic Oracle escaping
},
$params
)
) :
$sql
);
}
解决方法:
这种情况下有一个特殊功能:
strtr – 翻译字符或替换子字符串
http://php.net/manual/en/function.strtr.php
<?php
$sql = "select * from table_name where comment like :a and email = :b and status = :c";
$map = [
':a' => "'%that is a nice :b but this one%'",
':b' => "'monkeyzeus@example.com'",
':c' => "'active'"
];
echo strtr($sql, $map);
标签:php,regex,parameterized-query 来源: https://codeday.me/bug/20190608/1200882.html
本站声明: 1. iCode9 技术分享网(下文简称本站)提供的所有内容,仅供技术学习、探讨和分享; 2. 关于本站的所有留言、评论、转载及引用,纯属内容发起人的个人观点,与本站观点和立场无关; 3. 关于本站的所有言论和文字,纯属内容发起人的个人观点,与本站观点和立场无关; 4. 本站文章均是网友提供,不完全保证技术分享内容的完整性、准确性、时效性、风险性和版权归属;如您发现该文章侵犯了您的权益,可联系我们第一时间进行删除; 5. 本站为非盈利性的个人网站,所有内容不会用来进行牟利,也不会利用任何形式的广告来间接获益,纯粹是为了广大技术爱好者提供技术内容和技术思想的分享性交流网站。