Drupal handles SQL query parameters with what it calls "placeholders": a named token such as :type stands in the query string for a value that is passed separately and bound by the database layer, so the value itself is never spliced into the SQL text. The placeholder must not be wrapped in quotes, otherwise it becomes a literal string instead of a parameter:
<?php
// WRONG: the quotes turn ':type' into a literal string, so the bound value is never used.
$result = db_query("SELECT nid, title FROM {node} WHERE type = ':type'", array(
  ':type' => 'page',
));

// CORRECT: the unquoted placeholder is bound to the value supplied in the argument array.
$result = db_query("SELECT nid, title FROM {node} WHERE type = :type", array(
  ':type' => 'page',
));
?>
Array arguments are used mainly with IN (...) clauses, where the number of values is not known when the query string is written:
<?php
// If the placeholder value to insert is an array, assume that we need
// to expand it out into a comma-delimited set of placeholders.
// This code:
db_query("SELECT * FROM {node} WHERE nid IN (:nids)", array(':nids' => array(13, 42, 144)));

// Will get turned into this prepared statement equivalent automatically:
db_query("SELECT * FROM {node} WHERE nid IN (:nids_1, :nids_2, :nids_3)", array(
  ':nids_1' => 13,
  ':nids_2' => 42,
  ':nids_3' => 144,
));

// Which is equivalent to the following literal query:
db_query("SELECT * FROM {node} WHERE nid IN (13, 42, 144)");
?>
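To make both mechanisms concrete, the following is an added example and not Drupal core code: a small re-implementation of the array-placeholder expansion described above, driven through PDO against a constructed in-memory SQLite table that stands in for {node}. The function names, the table fixture and the sample values are assumptions made here; the expanded placeholder names follow the :nids_1, :nids_2, ... numbering used in the text rather than Drupal's internal naming.

```php
<?php
// Added example (not Drupal code): expand array placeholders the way the text
// describes, then run the result as a real prepared statement through PDO.

/**
 * Expand every placeholder whose value is an array into :name_1, :name_2, ...
 * Returns [rewritten SQL, flat argument array] ready for PDOStatement::execute().
 */
function expand_array_placeholders(string $sql, array $args): array {
    $flat = [];
    foreach ($args as $name => $value) {
        if (!is_array($value)) {
            $flat[$name] = $value;          // scalar placeholders pass through untouched
            continue;
        }
        if ($value === []) {
            // "IN ()" is a syntax error in SQL; refuse rather than emit broken SQL.
            throw new InvalidArgumentException("Placeholder $name expanded to an empty list");
        }
        $expanded = [];
        $i = 1;
        foreach ($value as $item) {
            $sub = $name . '_' . $i++;
            $expanded[] = $sub;
            $flat[$sub] = $item;
        }
        // \b makes sure ":nids" is replaced only as a whole token, never as a
        // prefix of a longer placeholder such as ":nids_extra".
        $sql = preg_replace('/' . preg_quote($name, '/') . '\b/', implode(', ', $expanded), $sql);
    }
    return [$sql, $flat];
}

/**
 * Expand, prepare and execute; the values are bound, never concatenated.
 */
function query_with_placeholders(PDO $pdo, string $sql, array $args): array {
    [$expanded_sql, $flat_args] = expand_array_placeholders($sql, $args);
    $stmt = $pdo->prepare($expanded_sql);
    $stmt->execute($flat_args);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed fixture: an in-memory SQLite table playing the role of {node}.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE node (nid INTEGER PRIMARY KEY, type TEXT, title TEXT)');
$pdo->exec("INSERT INTO node VALUES (13, 'page', 'About'), (42, 'article', 'News'), (144, 'page', 'Contact')");

// Scalar placeholder: a value containing quotes and SQL keywords is compared
// as data against the type column, so it cannot alter the query's meaning.
$hostile = "page' OR '1'='1";
$rows = query_with_placeholders($pdo, 'SELECT nid, title FROM node WHERE type = :type', [':type' => $hostile]);
printf("type = %s matched %d row(s)\n", var_export($hostile, true), count($rows));

// Array placeholder: show the rewritten SQL, then run it.
[$sql, $flat] = expand_array_placeholders('SELECT nid FROM node WHERE nid IN (:nids)', [':nids' => [13, 42, 144]]);
echo "expanded SQL: $sql\n";
echo "bound values: ", json_encode($flat), "\n";
$rows = query_with_placeholders($pdo, 'SELECT nid FROM node WHERE nid IN (:nids)', [':nids' => [13, 42, 144]]);
printf("IN query matched %d row(s)\n", count($rows));

// The "WRONG" form from the text: once quoted, ':type' is a string literal the
// database compares against, so no parameter exists to bind and no node matches.
$stmt = $pdo->prepare("SELECT nid FROM node WHERE type = ':type'");
$stmt->execute();
printf("quoted placeholder matched %d row(s)\n", count($stmt->fetchAll()));
```

Run it with a PHP build that has the pdo_sqlite extension enabled. The expansion step is deliberately kept separate from execution so the rewritten SQL and its flat argument list can be logged or asserted on before anything reaches the database; that is also where an empty array is rejected, since an IN clause with no values is invalid SQL rather than an empty match.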