且构网


PHP PDO - bind a table name?

Updated: 2023-02-26 09:54:38

Is it possible to bind a table name?

No.

You have to whitelist table names. I doubt you want to let a user browse any table from your database.

And you have to format identifiers manually as well. There is a tag wiki with an example. Why not read it first?

Update: As you can see, PDO turns out to be inconvenient for real-life tasks. So, you have to have a more intelligent abstraction library to handle MySQL queries. Here is an example using the safeMysql class, which will make your code dramatically shorter:

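class form {
    public $fields; // column descriptions returned by DESCRIBE

    public function __construct($table) {
        global $db; // already-open safeMysql connection
        // ?n is safeMysql's identifier placeholder: it quotes $table as an identifier.
        // "new" discards a constructor's return value, so store the result instead.
        $this->fields = $db->getAll("DESCRIBE ?n", $table);
    }
}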

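2 notes:

  • I removed the second parameter, as there is no code in your function that uses it.
  • Never connect in the class. Use an already opened connection instead. Or you will kill your MySQL server with so many connections.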

The version with exclusion implemented:

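class form {
    public $fields = array(); // DESCRIBE rows for every column not in $skip

    public function __construct($table, $skip = array("id")) {
        global $db; // already-open safeMysql connection
        $res = $db->query("DESCRIBE ?n", $table); // ?n quotes $table as an identifier
        while ($row = $db->fetch($res)) {
            // Keep only the columns that are not on the skip list.
            if (!in_array($row['Field'], $skip)) {
                $this->fields[] = $row;
            }
        }
        // No return: "new" discards a constructor's return value.
    }
}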

However, such a class can seldom be used as intended - there are always a lot of exceptions and manual formatting to make it usable.
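The whitelisting and manual identifier formatting described in the answer, written with plain PDO. This is an added example, not part of the original answer: the allowlist contents, the function names `tableIdentifier` and `findById`, and the in-memory SQLite demo data are assumptions made so the code runs without a MySQL server.

```php
<?php
// PDO placeholders bind values only, so a table name has to be checked
// against an allowlist and quoted as an identifier by hand.

// Hypothetical allowlist: the only tables this code may ever touch.
const ALLOWED_TABLES = ['users', 'orders'];

/** Return $name quoted as a MySQL-style identifier, or throw if not allowlisted. */
function tableIdentifier(string $name, array $allowed = ALLOWED_TABLES): string
{
    // Strict comparison: input reaches the SQL text only if it is exactly
    // one of the known table names.
    if (!in_array($name, $allowed, true)) {
        throw new InvalidArgumentException('table not allowed: ' . $name);
    }
    // Manual identifier formatting: wrap in backticks, double any backtick inside.
    return '`' . str_replace('`', '``', $name) . '`';
}

/** Fetch one row by id: the table name is allowlisted, the id is a bound value. */
function findById(PDO $pdo, string $table, int $id): ?array
{
    $stmt = $pdo->prepare('SELECT * FROM ' . tableIdentifier($table) . ' WHERE id = ?');
    $stmt->execute([$id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed demo data. SQLite also accepts backtick-quoted identifiers,
// so the same quoting works here as on MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users (id, name) VALUES (1, 'alice')");

var_dump(findById($pdo, 'users', 1));

// Constructed inputs that are not on the allowlist are rejected before
// any SQL is built.
foreach (['secrets', 'users`'] as $bad) {
    try {
        findById($pdo, $bad, 1);
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```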