1. Strip any whitespace the user may have accidentally typed at the start or end of the search term: apply trim();
2. Functions for escaping data (Chapter 4): addslashes(), stripslashes(), get_magic_quotes_gpc(). Note that get_magic_quotes_gpc() was removed in PHP 8.0, and the prepared statements in item 9 are the more reliable way to keep user input out of the SQL text;
3. Connect to the MySQL server in the script: mysqli(...);
Object-oriented approach (instantiating an object):
@$db = new mysqli('localhost', 'bookorama', 'bookorama123', 'books');
Procedural approach:
@$db = mysqli_connect('localhost', 'bookorama', 'bookorama123', 'books');
Function to test the result of the connection: mysqli_connect_errno()
4. Choose the database to use:
mysqli_select_db(db_resource, db_name);
or $db->select_db(dbname);
5. Querying the database:
$result = $db->query($query);  // object-oriented version
$result = mysqli_query($db, $query);  // procedural version
6. Get the number of rows returned by the query:
$num_results = $result->num_rows;  // object-oriented version
$num_results = mysqli_num_rows($result);  // procedural version
7.
① Fetch one row from the result set as an associative array:
$row = $result->fetch_assoc();  // object-oriented version
$row = mysqli_fetch_assoc($result);  // procedural version
Each field is then accessed as $row['title'], $row['author'] and so on;
② Fetch one row as an object:
$row = $result->fetch_object(); or $row = mysqli_fetch_object($result);
Each field is then accessed as $row->title, $row->author, etc.;
8. Disconnect from the database:
① Free the result set: $result->free(); or mysqli_free_result($result);
② Close the connection to the database: $db->close(); or mysqli_close($db);
9. Prepared statements:
① Queries run faster and are protected against SQL injection-style attacks;
② Basic idea: send MySQL a template of the query to be executed, and then send the data separately;
Example, insert operation: binding parameters with prepare()
$query = "INSERT INTO books VALUES (?, ?, ?, ?)";  // query template
$stmt = $db->prepare($query);  // builds the statement object that does the actual processing
$stmt->bind_param("sssd", $isbn, $author, $title, $price);
bind_param() tells PHP which variables should be substituted for the question marks
The first argument (here, "sssd") is a format string
sssd: the four parameters passed are string, string, string, double
s: string  d: double  i: integer  b: blob
The procedural version is mysqli_stmt_bind_param()
$stmt->execute();  // execute() is called to actually run the query
The procedural version is mysqli_stmt_execute()
Select operation: binding results with prepare()
$stmt->bind_result($isbn, $author, $title, $price);  // lists the variables to be filled from the result columns
The procedural version is mysqli_stmt_bind_result()
$stmt->execute();
The following statement is then called in a loop:
$stmt->fetch();  // fetch() gets the next result row and fills in the bound variables
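The steps above combined into one search routine, as an added example that is not code from the original page: trim the input, send the search term through a prepared SELECT, and read the rows with bind_result() and fetch(). The column names, the searchtype/searchterm form fields and the search_books() helper are assumptions; the connection values are the ones shown in step 3.

```php
<?php
// Added example. Assumed (not from the page): the isbn/author/title/price
// column names, the $_POST field names and the HTML output format.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on errors

// Placeholders bind values only, never identifiers, so the column to
// search is looked up in a fixed allowlist instead of taken from user text.
const SEARCHABLE = ['author' => 'author', 'title' => 'title', 'isbn' => 'isbn'];

function search_books(mysqli $db, string $type, string $term): array
{
    $term = trim($term);                        // step 1 on this page
    if ($term === '' || !array_key_exists($type, SEARCHABLE)) {
        return [];                              // empty or unknown input
    }
    $column = SEARCHABLE[$type];
    // Escape LIKE wildcards so "%" or "_" typed by the user match literally.
    $pattern = '%' . addcslashes($term, '%_\\') . '%';

    $stmt = $db->prepare(
        "SELECT isbn, author, title, price FROM books WHERE $column LIKE ?"
    );
    $stmt->bind_param('s', $pattern);           // data is sent separately
    $stmt->execute();
    $stmt->bind_result($isbn, $author, $title, $price);

    $rows = [];
    while ($stmt->fetch()) {                    // fills the bound variables
        $rows[] = ['isbn' => $isbn, 'author' => $author,
                   'title' => $title, 'price' => $price];
    }
    $stmt->close();
    return $rows;
}

try {
    $db = new mysqli('localhost', 'bookorama', 'bookorama123', 'books');
    $rows = search_books($db, $_POST['searchtype'] ?? '', $_POST['searchterm'] ?? '');
    foreach ($rows as $r) {
        // Encode on output so stored data cannot inject markup.
        echo htmlspecialchars("{$r['title']} by {$r['author']}"), "<br>\n";
    }
    $db->close();
} catch (mysqli_sql_exception $e) {
    error_log($e->getMessage());                // details go to the log only
    echo 'Database error. Please try again later.';
}
```

With mysqli_report() set to throw, the @ suppression and mysqli_connect_errno() check from step 3 are replaced by the catch block.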
Chapter 11. Accessing the MySQL database from the Web using PHP