PDO::exec

(PHP 5 >= 5.1.0, PHP 7, PHP 8, PECL pdo >= 0.1.0)

PDO::exec 执行一条 SQL 语句,并返回受影响的行数

说明

PDO::exec ( string $statement ) : int

PDO::exec() 在一个单独的函数调用中执行一条 SQL 语句,返回受此语句影响的行数。

PDO::exec() 不会从一条 SELECT 语句中返回结果。对于在程序中只需要发出一次的 SELECT 语句,可以考虑使用 PDO::query()。对于需要发出多次的语句,可用 PDO::prepare() 来准备一个 PDOStatement 对象并用 PDOStatement::execute() 发出语句。

参数

statement

要被预处理和执行的 SQL 语句。

查询中的数据应该被 妥善地转义

返回值

PDO::exec() 返回受修改或删除 SQL 语句影响的行数。如果没有受影响的行,则 PDO::exec() 返回 0。

Warning

此函数可能返回布尔值 false,但也可能返回等同于 false 的非布尔值。请阅读 布尔类型章节以获取更多信息。应使用 === 运算符来测试此函数的返回值。

下面例子依赖 PDO::exec() 的返回值是不正确的,其中受影响行数为 0 的语句会导致调用 die()

<?php
$db
->exec() or die(print_r($db->errorInfo(), true));
?>

范例

Example #1 发出一条 DELETE 语句

计算由一条不带 WHERE 字句的 DELETE 语句删除的行数。

<?php
$dbh 
= new PDO('odbc:sample''db2inst1''ibmdb2');

/*  删除 FRUIT 数据表中满足条件的所有行 */
$count $dbh->exec("DELETE FROM fruit WHERE colour = 'red'");

/* 返回被删除的行数 */
print("Deleted $count rows.\n");
?>

以上例程会输出:

Deleted 1 rows.

参见

User Contributed Notes

calin at NOSPAM dot softped dot com 16-Oct-2015 11:20
PDO::eval() might return `false` for some statements (e.g. CREATE TABLE) even if the operation completed successfully, when using PDO_DBLIB and FreeTDS. So it is not a reliable way of testing the op status.

PDO::errorInfo() can be used to test the SQLSTATE error code for '00000' (success) and '01000' (success with warning).

<?php
function execute(PDO $conn, $sql) {
   
$affected = $conn->exec($sql);
    if (
$affected === false) {
       
$err = $conn->errorInfo();
        if (
$err[0] === '00000' || $err[0] === '01000') {
            return
true;
        }
    }
    return
$affected;
}
?>

PDO::errorInfo(): http://php.net/manual/en/pdo.errorinfo.php
List of SQLSTATE Codes: http://www-01.ibm.com/support/knowledgecenter/SSGU8G_11.70.0/com.ibm.sqls.doc/ids_sqs_0809.htm
hungry dot rahly at gmail dot com 10-Nov-2010 05:24
For those that want an exec that handles params like prepare/execute does.  You can simulate this with another function

<?php
class Real_PDO extends PDO {
  public function
execParams($sql, $params) {
   
$stm = $this->prepare($sql);
   
$result = false;
    if(
$stm && $stm->execute($params) ) {
     
$result = $stm->rowCount();
      while(
$stm->fetch(PDO::FETCH_ASSOC) ) {
      }
    }
    return
$result;
  }
}
?>

Remember though, if you are doing a lot of inserts, you'll want to do it the manual way, as the prepare statement will speed up when doing multiple executes(inserts).  I use this so I can place all my SQL statements in one place, and have auto safe quoting against sql-injections.

If you are wondering about the fetch after, remember some databases can return data SELECT-like data from REMOVE/INSERTS.  In the case of PostgreSQL, you can have it return you all records that were actually removed, or have the insert return the records after the insert/post field functions, and io trigger fire, to give you normalized data.

<?php
define
("BLAH_INSERT", "INSERT INTO blah (id,data) VALUES(?,?)");
$pdo = new Real_PDO("connect string");
$data = array("1", "2");
$pdo->execParams(BLAH_INSERT, $data);
?>
blah at whatevr dot com 05-Sep-2007 08:07
You can't use it not only with SELECT statement, but any statement that might return rows. "OPTIMIZE table" is such example (returns some rows with optimization status).

If you do, PDO will lock-up with the "Cannot execute queries while other unbuffered queries are active." nonsense.
roberto at spadim dot com dot br 18-Dec-2006 11:47
this function don't execute multi_query
to get it see SQLITE_EXEC comments there is an pereg function that get all queries and execute all then an return the last one
soletan at toxa dot de 29-Aug-2006 01:40
It's worth noting here, that - in addition to the hints given in docs up there - using prepare, bind and execute provides more benefits than multiply querying a statement: performance and security!

If you insert some binary data (e.g. image file) into database using INSERT INTO ... then it may boost performance of parsing your statement since it is kept small (a few bytes, only, while the image may be several MiBytes) and there is no need to escape/quote the file's binary data to become a proper string value.

And, finally and for example, if you want to get a more secure PHP application which isn't affectable by SQL injection attacks you _have to_ consider using prepare/execute on every statement containing data (like INSERTs or SELECTs with WHERE-clauses). Separating the statement code from related data using prepare, bind and execute is best method - fast and secure! You don't even need to escape/quote/format-check any data.
david at acz dot org 09-Feb-2006 04:39
This function cannot be used with any queries that return results.  This includes SELECT, OPTIMIZE TABLE, etc.
PHP8中文手册 站长在线 整理 版权归PHP文档组所有