PDOStatement::execute

(PHP 5 >= 5.1.0, PECL pdo >= 0.1.0)

PDOStatement::execute — 执行一条预处理语句

说明

bool PDOStatement::execute ([ array $input_parameters ] )

执行预处理过的语句。如果预处理过的语句含有参数标记，必须选择下面其中一种做法：

调用 PDOStatement::bindParam() 绑定 PHP 变量到参数标记：如果有的话，通过关联参数标记绑定的变量来传递输入值和取得输出值
或传递一个只作为输入参数值的数组

参数

input_parameters

一个元素个数和将被执行的 SQL 语句中绑定的参数一样多的数组。所有的值作为 PDO::PARAM_STR 对待。

不能绑定多个值到一个单独的参数；比如，不能绑定两个值到 IN（）子句中一个单独的命名参数。

绑定的值不能超过指定的个数。如果在 input_parameters 中存在比 PDO::prepare() 预处理的SQL 指定的多的键名，则此语句将会失败并发出一个错误。

返回值

成功时返回 TRUE，或者在失败时返回 FALSE。

更新日志

版本	说明
5.2.0	`input_parameters` 中的键名必须和 SQL 中声明的相匹配。PHP 5.2.0 之前默认忽略。

范例

Example #1 执行一条绑定变量的预处理语句


<?php
/*  通过绑定 PHP 变量执行一条预处理语句 */
$calories = 150;
$colour = 'red';
$sth = $dbh->prepare('SELECT name, colour, calories
    FROM fruit
    WHERE calories < :calories AND colour = :colour');
$sth->bindParam(':calories', $calories, PDO::PARAM_INT);
$sth->bindParam(':colour', $colour, PDO::PARAM_STR, 12);
$sth->execute();
?>

Example #2 使用一个含有插入值的数组执行一条预处理语句（命名参数）


<?php
/* 通过传递一个含有插入值的数组执行一条预处理语句 */
$calories = 150;
$colour = 'red';
$sth = $dbh->prepare('SELECT name, colour, calories
    FROM fruit
    WHERE calories < :calories AND colour = :colour');
$sth->execute(array(':calories' => $calories, ':colour' => $colour));
?>

Example #3 使用一个含有插入值的数组执行一条预处理语句（占位符）


<?php
/*  通过传递一个插入值的数组执行一条预处理语句 */
$calories = 150;
$colour = 'red';
$sth = $dbh->prepare('SELECT name, colour, calories
    FROM fruit
    WHERE calories < ? AND colour = ?');
$sth->execute(array($calories, $colour));
?>

Example #4 执行一条问号占位符的预处理语句


<?php
/* 通过绑定 PHP 变量执行一条预处理语句 */
$calories = 150;
$colour = 'red';
$sth = $dbh->prepare('SELECT name, colour, calories
    FROM fruit
    WHERE calories < ? AND colour = ?');
$sth->bindParam(1, $calories, PDO::PARAM_INT);
$sth->bindParam(2, $colour, PDO::PARAM_STR, 12);
$sth->execute();
?>

Example #5 使用数组执行一条含有 IN 子句的预处理语句


<?php
/*  使用一个数组的值执行一条含有 IN 子句的预处理语句 */
$params = array(1, 21, 63, 171);
/*  创建一个填充了和params相同数量占位符的字符串 */
$place_holders = implode(',', array_fill(0, count($params), '?'));

/*
    对于 $params 数组中的每个值，要预处理的语句包含足够的未命名占位符 。
    语句被执行时， $params 数组中的值被绑定到预处理语句中的占位符。
    这和使用 PDOStatement::bindParam() 不一样，因为它需要一个引用变量。
    PDOStatement::execute() 仅作为通过值绑定的替代。
*/
$sth = $dbh->prepare("SELECT id, name FROM contacts WHERE id IN ($place_holders)");
$sth->execute($params);
?>

注释

Note:
有些驱动在执行下一条语句前需要关闭游标。

参见

PDO::prepare() - Prepares a statement for execution and returns a statement object
PDOStatement::bindParam() - 绑定一个参数到指定的变量名
PDOStatement::fetch() - 从结果集中获取下一行
PDOStatement::fetchAll() - 返回一个包含结果集中所有行的数组
PDOStatement::fetchColumn() - 从结果集中的下一行返回单独的一列。

用户评论:

Rami jamleh (2013-04-02 11:09:15)

simplified $placeholder form <?php $data = ['a'=>'foo','b'=>'bar']; $keys = array_keys($data); $fields = '`'.implode('`, `',$keys).'`'; #here is my way $placeholder = substr(str_repeat('?,',count($keys),0,-1)); $pdo->prepare("INSERT INTO `baz`($fields) VALUES($placeholder)")->execute(array_values($data));

anon at anon dot com (2012-06-15 09:10:21)

If your MySQL table has 500,000+ rows and your script is failing because you have hit PHP's memory limit, set the following attribute. <?php $this->pdo->setAttribute(PDO::MYSQL_ATTR_USE_BUFFERED_QUERY, false); ?> This should make the error go away again and return memory usage back to normal.

mail at horn-online-media dot de (2012-06-14 10:32:27)

hi, just a qick note to get started without problems when using quotation: PDO does NOT replace given variables if they are wrapped in quotationmarks, e.g. <?php $st = $db->prepare( ' INSERT INTO fruits( name, colour ) VALUES( :name, ":colour" ) '; $st->execute( array( ':name' => 'Apple', ':colour' => 'red' ) ); ?> results in in a new fruit like -> Apple, :colour without the colour beeing replaced by "red". so leave variables WITHOUT the quotation - PDO will do.

nils andre with my googelian maily accou (2012-04-27 14:25:09)

I realized that I ran into serious trouble when debugging my PHP scripts from the command line, and despite of going to fetchAll and so, I always got the error SQLSTATE[HY000]: General error: 2014 Cannot execute queries while other unbuffered queries are active. I realized that I had a double init command: PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES utf8; SET CHARACTER SET utf8;" The first one is the better choice and removing the latter, the error is gone.

T-Rex (2012-04-11 15:44:51)

When you try to make a query with a date, then take the whole date and not just a number. This Query will work fine, if you try it like this: SELECT * FROM table WHERE date = 0 But if you try it with prepared you have to take the whole date format. <?php $sth = $dbh->prepare('SELECT * FROM table WHERE date = :date'); $sth->execute( $arArray ); //--- Wrong: $arArray = array(":date",0); //--- Right: $arArray = array(":date","0000-00-00 00:00:00"); ?> There must be something with the mysql driver. best regards T-Rex

richard at securebucket dot com (2011-11-25 13:16:41)

Note: Parameters don't work with a dash in the name like ":asd-asd" you can do a quick str_replace("-","_",$parameter) to fix the issue.

ElTorqiro (2011-04-05 14:51:31)

When using a prepared statement to execute multiple inserts (such as in a loop etc), under sqlite the performance is dramatically improved by wrapping the loop in a transaction. I have an application that routinely inserts 30-50,000 records at a time. Without the transaction it was taking over 150 seconds, and with it only 3. This may affect other implementations as well, and I am sure it is something that affects all databases to some extent, but I can only test with PDO sqlite. e.g. <?php $data = array( array('name' => 'John', 'age' => '25'), array('name' => 'Wendy', 'age' => '32') ); try { $pdo = new PDO('sqlite:myfile.sqlite'); } catch(PDOException $e) { die('Unable to open database connection'); } $insertStatement = $pdo->prepare('insert into mytable (name, age) values (:name, :age)'); // start transaction $pdo->beginTransaction(); foreach($data as &$row) { $pdo->execute($row); } // end transaction $pdo->commit(); ?>

Robin Millette (2011-01-10 18:30:00)

If you're going to derive PDOStatement to extend the execute() method, you must define the signature with a default NULL argument, not an empty array. In otherwords: <?php class MyPDOStatement extends PDOStatement { // ... // don't use this form! // function execute($input_parameters = array()) { // use this instead: function execute($input_parameters = null) { // ... return parent::execute($input_parameters); } } ?> As a sidenote, that's why I always set default parameter to NULL and take care of handling the actual correct default parameters in the body of the method or function. Thus, when you have to call the function with all the parameters, you know to always pass NULL for defaults.

Tony Casparro (2010-07-08 10:09:58)

We know that you can't see the final raw SQL before its parsed by the DB, but if you want to simulate the final result, this may help. <?php public function showQuery($query, $params) { $keys = array(); $values = array(); # build a regular expression for each parameter foreach ($params as $key=>$value) { if (is_string($key)) { $keys[] = '/:'.$key.'/'; } else { $keys[] = '/[?]/'; } if(is_numeric($value)) { $values[] = intval($value); } else { $values[] = '"'.$value .'"'; } } $query = preg_replace($keys, $values, $query, 1, $count); return $query; } ?>

gx (2010-04-24 10:05:18)

Note that you must - EITHER pass all values to bind in an array to PDOStatement::execute() - OR bind every value before with PDOStatement::bindValue(), then call PDOStatement::execute() with *no* parameter (not even "array()"!). Passing an array (empty or not) to execute() will "erase" and replace any previous bindings (and can lead to, e.g. with MySQL, "SQLSTATE[HY000]: General error: 2031" (CR_PARAMS_NOT_BOUND) if you passed an empty array). Thus the following function is incorrect in case the prepared statement has been "bound" before: <?php function customExecute(PDOStatement &$sth, $params = NULL) { return $sth->execute($params); } ?> and should therefore be replaced by something like: <?php function customExecute(PDOStatement &$sth, array $params = array()) { if (empty($params)) return $sth->execute(); return $sth->execute($params); } ?> Also note that PDOStatement::execute() doesn't require $input_parameters to be an array. (of course, do not use it as is ^^).

Ant P. (2008-08-08 10:33:46)

As of 5.2.6 you still can't use this function's $input_parameters to pass a boolean to PostgreSQL. To do that, you'll have to call bindParam() with explicit types for each parameter in the query.

Jean-Lou dot Dupont at jldupont dot com (2008-03-09 10:38:48)

Hopefully this saves time for folks: one should use $count = $stmt->rowCount() after $stmt->execute() in order to really determine if any an operation such as ' update ' or ' replace ' did succeed i.e. changed some data. Jean-Lou Dupont.

albright atat anre dotdot net (2008-01-18 20:33:53)

When passing an array of values to execute when your query contains question marks, note that the array must be keyed numerically from zero. If it is not, run array_values() on it to force the array to be re-keyed. <?php $anarray = array(42 => "foo", 101 => "bar"); $statement = $dbo->prepare("SELECT * FROM table WHERE col1 = ? AND col2 = ?"); //This will not work $statement->execute($anarray); //Do this to make it work $statement->execute(array_values($anarray)); ?>

Daniel (2007-08-30 05:20:05)

You could also use switch the order of t1 and t2 to get user_id from t1 (tested on postgresql): SELECT t2.*, t1.user_id, t1.user_name FROM table1 t1 LEFT JOIN table2 t2 ON t2.user_id = t1.user_id WHERE t1.user_id = 2

simon dot lehmann at gmx dot de (2007-08-08 03:17:05)

It seems, that the quoting behaviour has changed somehow between versions, as my current project was running fine on one setup, but throwing errors on another (both setups are very similar). Setup 1: Ubuntu 6.10, PHP 5.1.6, MySQL 5.0.24a Setup 2: Ubuntu 7.04, PHP 5.2.1, MySQL 5.0.38 The code fragment which caused problems (shortened): <?php $stmt = $pdo->prepare("SELECT col1, col2, col3 FROM tablename WHERE col4=? LIMIT ?"); $stmt->execute(array('Foo', 1)); ?> On the first Setup this executes without any problems, on the second setup it generates an Error: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''1'' at line 1 The problem is, that $stmt->execute() quotes the number passed to the second placeholder (resulting in: ... LIMIT '1'), which is not allowed in MySQL (tested on both setups). To prevent this, you have to use bindParam() or bindValue() and specify a data type.

narcis at narcisradu dot com (2007-01-08 01:16:00)

For a query like this: SELECT t1.user_id, t1.user_name, t2.* FROM table1 t1 LEFT JOIN table2 t2 ON t2.user_id = t1.user_id WHERE t1.user_id = 2 If I don't have an entry in table2 for user_id=2, the user_id in result will be empty. SELECT t1.user_id, t1.user_name, t2.user_pet, t2.user_color, t2.user_sign FROM table1 t1 LEFT JOIN table2 t2 ON t2.user_id = t1.user_id WHERE t1.user_id = 2 This query will return nonempty user_id. So please be careful with wildcard select.

VolGas (2006-12-22 22:38:47)

An array of insert values (named parameters) don't need the prefixed colon als key-value to work. <?php /* Execute a prepared statement by passing an array of insert values */ $calories = 150; $colour = 'red'; $sth = $dbh->prepare('SELECT name, colour, calories FROM fruit WHERE calories < :calories AND colour = :colour'); // instead of: // $sth->execute(array(':calories' => $calories, ':colour' => $colour)); // this works fine, too: $sth->execute(array('calories' => $calories, 'colour' => $colour)); ?> This allows to use "regular" assembled hash-tables (arrays). That realy does make sense!

dbrucas (2006-11-21 10:54:04)

If you don't want to turn on exception raising, then try this: //$dbErr = $dbHandler->errorInfo(); OR $dbErr = $dbStatement->errorInfo(); if ( $dbErr[0] != '00000' ) { print_r($dbHandler->errorInfo()); die( "<div class='redbg xlarge'>FAILED: $msg</div><br />".$foot); // or handle the error your way... } echo "SUCCESS: $msg<br />"; ... continue if succesful

inghamn at bloomington dot in dot gov (2006-10-24 13:53:46)

Just a note, I'm currently using 5.1.6. After debugging for a good amount of time, I've realized that the $array cannot be an associative array. For instance, the following code will fail on the execute. <?php $fields = array(); $fields['name'] = "Someone"; $query = $PDO->prepare("insert table set name=?"); $query->execute($fields); ?> For my code, I had to convert the $fields array into a non-associative array. Something like this: <?php $fields = array(); $fields['name'] = "Someone"; $values = array(); foreach($fields as $value) { $values[] = $value; } $query = $PDO->prepare("insert table set name=?"); $query->execute($values); ?>

russel at sunraystudios dot com (2006-10-15 14:42:35)

I've used it and it returns booleans=> $passed = $stmt->execute(); if($passed){ echo "passed"; } else { echo "failed"; } If the statement failed it would print failed. You would want to use errorInfo() to get more info, but it does seem to work for me.

Nei (2006-02-06 23:40:02)

This does not return TRUE or FALSE. It seems to just not return anything.