Problem description
I am trying to learn the best way to write queries. I also understand the importance of being consistent. Until now, I have randomly used single quotes, double quotes, and backticks without any real thought.
Example:
$query = 'INSERT INTO table (id, col1, col2) VALUES (NULL, val1, val2)';
Also, in the above example, consider that table, col1, val1, etc. may be variables.
What is the standard for this? What do you do?
I've been reading answers to similar questions on here for about 20 minutes, but it seems like there is no definitive answer to this question.
Recommended answer
Backticks are to be used for table and column identifiers, but are only necessary when the identifier is a MySQL reserved keyword, or when the identifier contains whitespace characters or characters beyond a limited set (see below). It is often recommended to avoid using reserved keywords as column or table identifiers when possible, avoiding the quoting issue.
Single quotes should be used for string values like in the VALUES() list. Double quotes are supported by MySQL for string values as well, but single quotes are more widely accepted by other RDBMS, so it is a good habit to use single quotes instead of double.
MySQL also expects DATE and DATETIME literal values to be single-quoted as strings like '2001-01-01 00:00:00'. Consult the Date and Time Literals documentation for more details, in particular alternatives to using the hyphen - as a segment delimiter in date strings.
So using your example, I would double-quote the PHP string and use single quotes on the values 'val1', 'val2'. NULL is a MySQL keyword, and a special (non)-value, and is therefore unquoted.
None of these table or column identifiers are reserved words or make use of characters requiring quoting, but I've quoted them anyway with backticks (more on this later...).
Functions native to the RDBMS (for example, NOW() in MySQL) should not be quoted, although their arguments are subject to the same string or identifier quoting rules already mentioned.
                                                          Backtick (`)
table & column ───────┬─────┬──┬──┬──┬────┬──┬────┬──┬────┬──┬───────┐
                      ↓     ↓  ↓  ↓  ↓    ↓  ↓    ↓  ↓    ↓  ↓       ↓
$query = "INSERT INTO `table` (`id`, `col1`, `col2`, `date`, `updated`)
                       VALUES (NULL, 'val1', 'val2', '2001-01-01', NOW())";
                               ↑↑↑↑  ↑    ↑  ↑    ↑  ↑          ↑  ↑↑↑↑↑
Unquoted keyword          ─────┴┴┴┘  │    │  │    │  │          │  │││││
Single-quoted (') strings ───────────┴────┴──┴────┘  │          │  │││││
Single-quoted (') DATE    ───────────────────────────┴──────────┘  │││││
Unquoted function         ─────────────────────────────────────────┴┴┴┴┘
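Variable interpolation
The quoting patterns for variables do not change, although if you intend to interpolate the variables directly in a string, it must be double-quoted in PHP. Just make sure that you have properly escaped the variables for use in SQL. (It is recommended to use an API supporting prepared statements instead, as protection against SQL injection.)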
// Same thing with some variable replacements
// Here, a variable table name $table is backtick-quoted, and variables
// in the VALUES list are single-quoted
$query = "INSERT INTO `$table` (`id`, `col1`, `col2`, `date`) VALUES (NULL, '$val1', '$val2', '$date')";
Prepared statements
When working with prepared statements, consult the documentation to determine whether or not the statement's placeholders must be quoted. The most popular APIs available in PHP, PDO and MySQLi, expect unquoted placeholders, as do most prepared statement APIs in other languages:
// PDO example with named parameters, unquoted
$query = "INSERT INTO `table` (`id`, `col1`, `col2`, `date`) VALUES (:id, :col1, :col2, :date)";
// MySQLi example with ? parameters, unquoted
$query = "INSERT INTO `table` (`id`, `col1`, `col2`, `date`) VALUES (?, ?, ?, ?)";
Characters requiring backtick quoting in identifiers:
According to MySQL documentation, you do not need to quote (backtick) identifiers using the following character set:
ASCII: [0-9,a-z,A-Z$_] (basic Latin letters, digits 0-9, dollar, underscore)
You can use characters beyond that set as table or column identifiers, including whitespace for example, but then you must quote (backtick) them.
Also, although numbers are valid characters for identifiers, identifiers cannot consist solely of numbers. If they do they must be wrapped in backticks.
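An added example, not part of the original answer: prepared-statement placeholders can only stand in for values, so a variable table or column name such as $table above still has to be interpolated into the SQL text. One way to handle that is to check the name against an allow-list before backtick-quoting it, while the values are bound. The helper names quoteIdentifier and insertRow, the allow-lists, and the in-memory SQLite database (used only so the script runs offline; it accepts backtick-quoted identifiers) are assumptions.

```php
<?php
// Added example; quoteIdentifier() and insertRow() are hypothetical helpers.

// Backtick-quote an identifier only if it is on the allow-list.
function quoteIdentifier(string $name, array $allowed): string
{
    if (!in_array($name, $allowed, true)) {
        throw new InvalidArgumentException("Identifier not allowed: $name");
    }
    // Inside a backtick-quoted identifier, a literal backtick is doubled.
    return '`' . str_replace('`', '``', $name) . '`';
}

// Insert one row: identifiers are allow-listed, values are bound.
function insertRow(PDO $pdo, string $table, array $row): void
{
    $tables  = ['table'];                       // constructed allow-lists
    $columns = ['id', 'col1', 'col2', 'date'];

    $cols = [];
    $marks = [];
    foreach (array_keys($row) as $col) {
        $cols[]  = quoteIdentifier($col, $columns);
        $marks[] = ':' . $col;                  // placeholders stay unquoted
    }
    $sql = 'INSERT INTO ' . quoteIdentifier($table, $tables)
         . ' (' . implode(', ', $cols) . ')'
         . ' VALUES (' . implode(', ', $marks) . ')';
    $pdo->prepare($sql)->execute($row);
}

// Assumption: in-memory SQLite so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE `table` (`id` INTEGER PRIMARY KEY, `col1` TEXT, `col2` TEXT, `date` TEXT)');

// Constructed input: the quote in col1 is stored as data, not parsed as SQL.
insertRow($pdo, 'table', ['id' => null, 'col1' => "O'Reilly", 'col2' => 'val2', 'date' => '2001-01-01']);
print_r($pdo->query('SELECT * FROM `table`')->fetchAll(PDO::FETCH_ASSOC));

try {
    insertRow($pdo, 'users', ['col1' => 'x']);  // not on the table allow-list
} catch (InvalidArgumentException $e) {
    echo 'Rejected: ', $e->getMessage(), "\n";
}
```

With a MySQL DSN the same PDO calls apply; only the connection string and the CREATE TABLE column types change.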