This function cannot be used with any queries that return results. This includes SELECT, OPTIMIZE TABLE, etc.
(PHP 5 >= 5.1.0, PHP 7, PHP 8, PECL pdo >= 0.1.0)
PDO::exec — 执行 SQL 语句,并返回受影响的行数
PDO::exec() 在单独的函数调用中执行 SQL 语句,返回受此语句影响的行数。
PDO::exec() 不会从 SELECT 语句中返回结果。对于在程序中只需要发出一次的 SELECT 语句,可以考虑使用 PDO::query()。对于需要发出多次的语句,可用 PDO::prepare() 来预处理 PDOStatement 对象并用 PDOStatement::execute() 发出语句。
PDO::exec() 返回 SQL 语句修改或删除影响的行数。如果没有受影响的行,则 PDO::exec() 返回 0。
下列示例错误依赖 PDO::exec() 的返回值,其中受影响行数为 0 的语句会导致调用 die():
<?php
$db->exec() or die(print_r($db->errorInfo(), true)); // 错误
?>
如果属性 PDO::ATTR_ERRMODE 设置为 PDO::ERRMODE_WARNING,则发出级别为 E_WARNING 的错误。
如果属性 PDO::ATTR_ERRMODE 设置为 PDO::ERRMODE_EXCEPTION,则抛出 PDOException。
示例 #1 发出 DELETE 语句
计算不带 WHERE 子句的 DELETE 语句删除的行数。
<?php
$dbh = new PDO('odbc:sample', 'db2inst1', 'ibmdb2');
/* 删除 FRUIT 数据表中满足条件的所有行 */
$count = $dbh->exec("DELETE FROM fruit");
/* 返回被删除的行数 */
print "Deleted $count rows.\n";
?>以上示例会输出:
Deleted 1 rows.
This function cannot be used with any queries that return results. This includes SELECT, OPTIMIZE TABLE, etc.Note that with MySQL you can detect a DUPLICATE KEY with INSERT (1 = INSERT, 2 = UPDATE) :
<?php
// MySQL specific INSERT UPDATE-like syntax
$sql = <<<SQL
INSERT INTO customers
SET
id = {$pdo->quote($id)},
name = {$pdo->quote($name)},
address = {$pdo->quote($address)}
AS new
ON DUPLICATE KEY UPDATE
name = new.name,
address = new.address
SQL;
$result = $pdo->exec($sql);
if ($result === 1) {
// An INSERT of a new row has be done
} elseif ($result === 2) {
// An UPDATE of an existing row has be done
}It's worth noting here, that - in addition to the hints given in docs up there - using prepare, bind and execute provides more benefits than multiply querying a statement: performance and security!
If you insert some binary data (e.g. image file) into database using INSERT INTO ... then it may boost performance of parsing your statement since it is kept small (a few bytes, only, while the image may be several MiBytes) and there is no need to escape/quote the file's binary data to become a proper string value.
And, finally and for example, if you want to get a more secure PHP application which isn't affectable by SQL injection attacks you _have to_ consider using prepare/execute on every statement containing data (like INSERTs or SELECTs with WHERE-clauses). Separating the statement code from related data using prepare, bind and execute is best method - fast and secure! You don't even need to escape/quote/format-check any data.PDO::eval() might return `false` for some statements (e.g. CREATE TABLE) even if the operation completed successfully, when using PDO_DBLIB and FreeTDS. So it is not a reliable way of testing the op status.
PDO::errorInfo() can be used to test the SQLSTATE error code for '00000' (success) and '01000' (success with warning).
<?php
function execute(PDO $conn, $sql) {
$affected = $conn->exec($sql);
if ($affected === false) {
$err = $conn->errorInfo();
if ($err[0] === '00000' || $err[0] === '01000') {
return true;
}
}
return $affected;
}
?>
PDO::errorInfo(): http://php.net/manual/en/pdo.errorinfo.php
List of SQLSTATE Codes: http://www-01.ibm.com/support/knowledgecenter/SSGU8G_11.70.0/com.ibm.sqls.doc/ids_sqs_0809.htmthis function don't execute multi_query
to get it see SQLITE_EXEC comments there is an pereg function that get all queries and execute all then an return the last one