查找给定的表列名称:
SELECt column_nameFROM information_schema.columnsWHERe table_name = 'tablename'
然后只需将
$values阵列中的密钥列入白名单
例子:
function insert_sql($table, array $values){ global $connection; $query = "SELECt column_name FROM information_schema.columns WHERe table_name = :tablename"; $stmt = $connection->prepare($query); $stmt->execute(array( 'tablename' => $table )); $columns = array_flip($stmt->fetchAll(PDO::FETCH_COLUMN, 0)); $values = array_intersect_key($values, $columns); var_dump($values); }
