zoukankan      html  css  js  c++  java

  • PHP中PDO DEMO

    PDO =》 PHP DATABASE OBJECT

    1、Select

    $dsn = "mysql:host=127.0.0.1;port=3306;dbname=dbname"; 
$dbh = new PDO($dsn, 'root', 'password');
$sql = "select * from table_name where NAME = :name AND PWD = :pwd";
$sth = $dbh->prepare($sql);
$sth ->bindValue(':name', 'user');
$sth ->bindValue(':pwd', 'password');
$sth-> execute(); 
foreach($sth as $row) { 
    echo var_dump($row); 
} 
$dbh = null;
    $dsn = "mysql:host=127.0.0.1;port=3306;dbname=dbname"; 
$dbh = new PDO($dsn, 'root', 'password');
$sql = "select * from table_name where NAME = ?AND PWD = ?";
$sth = $dbh->prepare($sql);
$sth ->bindValue(1, 'user');
$sth ->bindValue(2, 'password');
$sth-> execute(); 
foreach($sth as $row) { 
    echo var_dump($row); 
} 

$dbh = null;

    2、UPDATE

    $dsn = "mysql:host=127.0.0.1;port=3306;dbname=dbname"; 
$dbh = new PDO($dsn, 'root', 'password');
$sql = "update table_name set name = :name where id = :id";
$sth = $dbh->prepare($sql);
$sth ->bindValue(':name', 'user');
$sth ->bindValue(':id', '1');
$flag = $sth-> execute(); // true or false
$dbh = null;
    $dsn = "mysql:host=127.0.0.1;port=3306;dbname=dbname"; 
$dbh = new PDO($dsn, 'root', 'password');
$sql = "update table_name set name = ? where id = ?";
$sth = $dbh->prepare($sql);
$sth ->bindValue(1, 'user');
$sth ->bindValue(2, '1');
$flag = $sth-> execute(); // true or false
$dbh = null;

     3、Insert

    $dsn = "mysql:host=127.0.0.1;port=3306;dbname=dbname"; 
$dbh = new PDO($dsn, 'root', 'password');
$sql = "insert into table_name (name) values (:name)";
$sth = $dbh->prepare($sql);
$sth ->bindValue(':name', 'user');
$flag = $sth-> execute(); // true or false
$dbh = null;
    $dsn = "mysql:host=127.0.0.1;port=3306;dbname=dbname"; 
$dbh = new PDO($dsn, 'root', 'password');
$sql = "insert into table_name (name) values (?)";
$sth = $dbh->prepare($sql);
$sth ->bindValue(1, 'user');
$flag = $sth-> execute(); // true or false
$dbh = null;

    4、Delete

    $dsn = "mysql:host=127.0.0.1;port=3306;dbname=dbname"; 
$dbh = new PDO($dsn, 'root', 'password');
$sql = "delete from table_name where id = :id";
$sth = $dbh->prepare($sql);
$sth ->bindValue(':id', '1');
$flag = $sth-> execute(); // true or false
$dbh = null;
    $dsn = "mysql:host=127.0.0.1;port=3306;dbname=dbname"; 
$dbh = new PDO($dsn, 'root', 'password');
$sql = "delete from table_name where id = ?";
$sth = $dbh->prepare($sql);
$sth ->bindValue(1, '1');
$flag = $sth-> execute(); // true or false
$dbh = null;

    每一部分的第二段代码都是用?和数字索引的方式来绑定参数,有的人可能不是很理解这些后绑定跟直接生成sql语句之后去执行有什么差别,其实不难理解。

    假设你输入:

    select * from table_name where id = ?

    问号的部分如果直接动态生成就可能变成这样

    select * from table_name where id = 1 or 1=1

    而如果动态绑定的话,问号部分就被限制只能输入一个跟id字段类型相符合的变量,如果有sql注入就会编译不过
  • 相关阅读:
    FEniCS 1.1.0 发布,计算算术模型
    Piwik 1.10 发布,增加社交网站统计
    淘宝褚霸谈做技术的心态
    CyanogenMod 10.1 M1 发布
    Druid 发布 0.2.11 版本,数据库连接池
    GNU Gatekeeper 3.2 发布
    Phalcon 0.9.0 BETA版本发布,新增大量功能
    EUGene 2.6.1 发布,UML 模型操作工具
    CVSps 3.10 发布,CVS 资料库更改收集
    Opera 移动版将采用 WebKit 引擎
  • 原文地址:https://www.cnblogs.com/gabin/p/3934226.html
Copyright © 2011-2022 走看看