• pdo 事务功能和防止sql注入功能


    PDO
    1.访问不同的数据库
    2.自带事务功能
    3.防止SQL注入

    这下面是访问数据库和自带事务功能的展示：

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>无标题文档</title>
    </head>
    
    <body>
    
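    <?php
    
    /*//1. Build the connection object
    $dsn = "mysql:dbname=mydb;host=localhost";
    $pdo = new PDO($dsn,"root","123");
    
    //2. Write the SQL statement
    $sql = "update nation set name='兽族' where code='n013'";
    
    //3. Run it: exec() returns the affected-row count, query() returns a result set
    //$r = $pdo->query($sql);
    $r = $pdo->exec($sql);*/
    
    // Transaction demo: both inserts are kept together, or neither is.
    // The credentials are hard-coded for the demo only; real code reads them
    // from configuration kept outside the web root.
    $dsn = "mysql:dbname=mydb;host=localhost;charset=utf8mb4";
    $pdo = new PDO($dsn, "root", "123");
    
    // Exception mode is what makes the catch block below reachable: in the
    // default silent mode a failing exec() just returns false and the
    // transaction would still be committed with only one row written.
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    
    // Two statements that must succeed or fail as a unit
    $sql1 = "insert into nation values('n016','人族')";
    $sql2 = "insert into nation values('n017','不死族')";
    
    try {
        $pdo->beginTransaction();
        $pdo->exec($sql1);
        $pdo->exec($sql2);
        $pdo->commit();
    } catch (PDOException $e) {
        // rollBack() itself throws when no transaction is active (for example
        // when beginTransaction() was the call that failed), so guard it.
        if ($pdo->inTransaction()) {
            $pdo->rollBack();
        }
        // Do not swallow the failure: record the detail server-side. The
        // message can contain SQL fragments, so it is logged, not echoed.
        error_log('transaction failed: ' . $e->getMessage());
    }
    ?>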
    
    
    </body>
    </html>

    这下面是防止 SQL 注入的第一种方法展示：问号占位

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>无标题文档</title>
    </head>
    
    <body>
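    <?php
    
    // Build the connection object
    $dsn = "mysql:dbname=mydb;host=localhost;charset=utf8mb4";
    $pdo = new PDO($dsn, "root", "123");
    // Report failures as exceptions instead of a silent false return value
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Use real server-side prepared statements: the values travel separately
    // from the SQL text, so a submitted value can never alter the statement.
    $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    
    // Prepared statement with positional (?) placeholders
    $sql = "insert into nation values(?,?)";
    
    // prepare() sends the SQL to the server and returns a PDOStatement
    $st = $pdo->prepare($sql);
    
    // Alternative: bind variables by position (1-based)
    /*$st->bindParam(1,$code);
    $st->bindParam(2,$name);
    
    $code="n022";
    $name="矮人族";*/
    
    // With ? placeholders execute() takes a 0-indexed list, one entry per ?
    $attr = ["n023", "魔族"];
    
    // Only the values are sent now; the SQL text was already delivered by
    // prepare(). execute() returns true on success.
    var_dump($st->execute($attr));
    ?>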
    </body>
    </html>

    另一种方法：名称占位

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>无标题文档</title>
    </head>
    
    <body>
    
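    <?php
    
    // Build the connection object
    $dsn = "mysql:dbname=mydb;host=localhost;charset=utf8mb4";
    $pdo = new PDO($dsn, "root", "123");
    // Report failures as exceptions instead of a silent false return value
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Real server-side prepared statements keep values apart from the SQL text
    $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    
    // Prepared statement with named placeholders: each name starts with a colon
    $sql = "insert into nation values(:code,:name)";
    
    // prepare() sends the SQL to the server and returns a PDOStatement
    $st = $pdo->prepare($sql);
    
    // Alternative: bind variables by name
    /*$st->bindParam(":code",$code,PDO::PARAM_STR);
    $st->bindParam(":name",$name,PDO::PARAM_STR);
    
    $code="n024";
    $name="狼族";*/
    
    // With named placeholders execute() takes an associative array; the
    // leading colon may be omitted from the keys.
    $attr = ["code" => "n025", "name" => "虫族"];
    
    // Send the values to the already-prepared statement
    $st->execute($attr);
    ?>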
    </body>
    </html>

    最后是名称占位的好处

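    <?php
    // Build the connection object
    $dsn = "mysql:dbname=mydb;host=localhost;charset=utf8mb4";
    $pdo = new PDO($dsn, "root", "123");
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    
    // Named placeholders let a form's field names map straight onto the SQL
    $sql = "insert into nation values(:code,:name)";
    
    // prepare() sends the SQL to the server and returns a PDOStatement
    $st = $pdo->prepare($sql);
    
    // Handing $_POST to execute() as-is only works when the form posts exactly
    // the fields code and name: any extra or missing field makes execute()
    // fail with an invalid-parameter-number error. Selecting the two keys
    // explicitly keeps the statement independent of the request's shape;
    // the values themselves still go through the placeholders, so they
    // cannot change the SQL.
    $attr = [
        "code" => isset($_POST["code"]) ? $_POST["code"] : "",
        "name" => isset($_POST["name"]) ? $_POST["name"] : "",
    ];
    
    // The posted fields are bound straight to the placeholders — no manual
    // per-field assignment is needed.
    $st->execute($attr);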

    最后是查询!!

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>无标题文档</title>
    </head>
    
    <body>
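    <?php
    
    // Build the connection object
    $dsn = "mysql:dbname=mydb;host=localhost;charset=utf8mb4";
    $pdo = new PDO($dsn, "root", "123");
    // Without exception mode a failed prepare() returns false and the
    // execute() call below becomes a fatal "call on bool" error
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    
    // Query with no user-supplied values, so no placeholders are needed
    $sql = "select * from nation";
    
    // prepare() + execute() works for a parameterless statement as well
    $st = $pdo->prepare($sql);
    $st->execute();
    
    // Read every row as an associative array (column name => value)
    var_dump($st->fetchAll(PDO::FETCH_ASSOC));
    ?>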
    </body>
    </html>
  • 原文地址:https://www.cnblogs.com/sq45711478/p/6040639.html