在线时间:8:00-16:00
迪恩网络APP
随时随地掌握行业动态
扫描二维码
关注迪恩网络微信公众号
PHP 中提供了三种访问 MySQL 数据库的扩展,即 mysql,mysqli 和 PDO。它们的区别可以比较如下:
上面所说的预处理语句就是用于参数化查询的。可以看到,除了旧的 mysql 扩展不支持,mysqli 和 PDO 这两个新扩展都支持参数化查询。PDO 扩展相比 mysqli 扩展的好处是,它是与关系数据库类型无关的,因此很方便切换数据库,比如从 MySQL 切换到 PostgreSQL。 首先我们来看看利用 mysqli 扩展如何使用参数化查询。例如: $mysqli = new mysqli("localhost", "dbusername", "dbpassword", "database"); $username = "somename"; $password = "someword"; $query = "SELECT filename, filesize FROM users WHERE (name = ?) and (password = ?)"; $stmt = $mysqli->stmt_init(); if ($stmt->prepare($query)) { $stmt->bind_param("ss", $username, $password); $stmt->execute(); $stmt->bind_result($filename, $filesize); while ($stmt->fetch()) { printf ("%s : %d\n", $filename, $filesize); } $stmt->close(); } $mysqli->close(); 再看看用 PDO 扩展如何使用参数化查询。例如: $pdo = new PDO("mysql:host=localhost;dbname=database", "dbusername", "dbpassword"); $username = "somename"; $password = "someword"; $query = "SELECT * FROM users WHERE (name = :username) and (password = :password)"; $statement = $pdo->prepare($query, array(PDO::ATTR_CURSOR => PDO::CURSOR_FWDONLY)); $statement->bindParam(":username", $username, PDO::PARAM_STR, 10); $statement->bindParam(":password", $password, PDO::PARAM_STR, 12); $statement->execute(); while ($row = $statement->fetch(PDO::FETCH_ASSOC)) { printf ("%s : %d\n", $row["filename"], $row["filesize"]); } $statement->closeCursor(); $pdo = null; 参考资料: |
2022-08-30
2022-07-18
2022-08-17
2022-11-06
2022-07-29
请发表评论