Basic application of PDO: access to different databases, transaction features, preventing SQL injection

Source: Internet
Author: User

PDO

1. Access to different databases
2. Built-in transaction support
3. Preventing SQL injection

Database access and the built-in transaction feature, demonstrated:

```php
<?php

/*
// 1. Build the object
$dsn = "mysql:dbname=mydb;host=localhost";
$pdo = new PDO($dsn, "root", "123");

// 2. Write the SQL statement
$sql = "update nation set name='orc' where code='n013'";

// 3. Execute the SQL statement
//$r = $pdo->query($sql);
$r = $pdo->exec($sql);
*/

// Transaction feature
// Build the object
$dsn = "mysql:dbname=mydb;host=localhost";
$pdo = new PDO($dsn, "root", "123");

// Set exception mode so a failed statement throws a PDOException
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Write the SQL statements
$sql1 = "insert into nation values('n016','Terran')";
$sql2 = "insert into nation values('n017','Undead')";

// Execute the two SQL statements
try
{
    // Start a transaction
    $pdo->beginTransaction();

    $pdo->exec($sql1);
    $pdo->exec($sql2);

    // Commit the transaction
    $pdo->commit();
}
catch (PDOException $e)
{
    //$e->getMessage();
    // Roll back
    $pdo->rollBack();
}

?>
```
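Why the exception-mode line above matters, as an added example that is not part of the original page: the same two inserts run once under PDO::ERRMODE_SILENT (the default before PHP 8.0) and once under PDO::ERRMODE_EXCEPTION. It assumes an in-memory SQLite database in place of the page's MySQL `mydb`, a primary key on `code`, and a hypothetical helper `runInserts()`.

```php
<?php
// Added example. sqlite::memory: stands in for the page's MySQL "mydb" (assumption)
// so the script runs without a database server.
function runInserts(int $errmode): array
{
    $pdo = new PDO("sqlite::memory:");
    $pdo->setAttribute(PDO::ATTR_ERRMODE, $errmode);
    // Assumed schema: code is the primary key.
    $pdo->exec("create table nation (code text primary key, name text)");
    $pdo->exec("insert into nation values ('n017', 'Undead')"); // n017 already exists

    $committed = false;
    try {
        $pdo->beginTransaction();
        $pdo->exec("insert into nation values ('n016', 'Terran')");
        $pdo->exec("insert into nation values ('n017', 'Undead')"); // duplicate key: fails
        $pdo->commit();
        $committed = true;
    } catch (PDOException $e) {
        // Only reached when failures are raised as exceptions.
        if ($pdo->inTransaction()) {
            $pdo->rollBack();
        }
    }

    // Was the first insert kept even though the second one failed?
    $n016 = (int) $pdo->query("select count(*) from nation where code = 'n016'")
                      ->fetchColumn();
    return ["committed" => $committed, "n016_rows" => $n016];
}

// Silent mode: the failed exec() only returns false, nothing reaches catch,
// and commit() stores the first insert on its own.
print_r(runInserts(PDO::ERRMODE_SILENT));

// Exception mode (what the page sets): the failure reaches catch and the
// first insert is rolled back together with the failed one.
print_r(runInserts(PDO::ERRMODE_EXCEPTION));
```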

Preventing SQL injection with question-mark (positional) placeholders:

```php
<?php
// Create the object
$dsn = "mysql:dbname=mydb;host=localhost";
$pdo = new PDO($dsn, "root", "");

// Write the SQL statement as a prepared statement
$sql = "insert into nation values(?,?)";

// Prepare the SQL statement; this returns the statement object
$st = $pdo->prepare($sql);

// Bind parameters
/*
$st->bindParam(1, $code);
$st->bindParam(2, $name);
$code = "n022";
$name = "Dwarf Tribe";
*/

$attr = array("n023", "Demon Clan");

// Pass the values straight in and execute; the SQL text is not passed again,
// it was already given to prepare()
var_dump($st->execute($attr));

// With ? placeholders in the prepared statement, pass an indexed array
?>
```

The other way: named placeholders

```php
<?php

// Create the object
$dsn = "mysql:dbname=mydb;host=localhost";
$pdo = new PDO($dsn, "root", "");

// Write the SQL statement as a prepared statement, using named placeholders
$sql = "insert into nation values(:code,:name)"; // Note the colon in front!

// Prepare for execution
$st = $pdo->prepare($sql);

// Bind parameters
/*
$st->bindParam(":code", $code, PDO::PARAM_STR);
$st->bindParam(":name", $name, PDO::PARAM_STR);

$code = "n024";
$name = "Protoss";
*/

$attr = array("code" => "n025", "name" => "Zerg");

// Execute
$st->execute($attr); // Note how execute() is called: with an associative array

?>
```

One advantage of named placeholders is that the values a page submits in $_POST can be used directly, without reassigning them to variables first.
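What the placeholders change, as an added example that is not part of the original page: the same lookup built by string concatenation and by a prepared statement, then a named-placeholder insert fed from a form array. It assumes an in-memory SQLite database in place of the page's MySQL `mydb`; the `$post` array is constructed sample input standing in for `$_POST`, and the three function names are hypothetical.

```php
<?php
// Added example. sqlite::memory: stands in for the page's MySQL "mydb" (assumption).
$pdo = new PDO("sqlite::memory:");
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("create table nation (code text primary key, name text)");
$pdo->exec("insert into nation values ('n016', 'Terran'), ('n017', 'Undead')");

// Constructed form input: the "code" field carries a quote and extra SQL,
// and the form also posts a field the statement does not use.
$post = ["code" => "n999' or '1'='1", "name" => "Zerg", "submit" => "Save"];

// Weak: the value is spliced into the SQL text, so the quote ends the literal
// and the rest of the input is parsed as part of the WHERE clause.
function findConcat(PDO $pdo, string $code): array
{
    return $pdo->query("select * from nation where code = '$code'")
               ->fetchAll(PDO::FETCH_ASSOC);
}

// Fixed: the SQL text is constant; the value travels as a bound parameter.
function findPrepared(PDO $pdo, string $code): array
{
    $st = $pdo->prepare("select * from nation where code = :code");
    $st->execute(["code" => $code]);
    return $st->fetchAll(PDO::FETCH_ASSOC);
}

// Named placeholders fed from a form: keep only the keys the statement declares,
// because execute() rejects array keys that have no matching placeholder.
function insertFromForm(PDO $pdo, array $form): bool
{
    $params = array_intersect_key($form, array_flip(["code", "name"]));
    $st = $pdo->prepare("insert into nation values (:code, :name)");
    return $st->execute($params);
}

echo "concatenated: ", count(findConcat($pdo, $post["code"])), " row(s)\n";
echo "prepared:     ", count(findPrepared($pdo, $post["code"])), " row(s)\n";

var_dump(insertFromForm($pdo, $post));
// The odd-looking code was stored verbatim as data, so an exact match now finds it.
echo "after insert: ", count(findPrepared($pdo, $post["code"])), " row(s)\n";
```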

Query

```php
<?php
// Create the object
$dsn = "mysql:dbname=mydb;host=localhost";
$pdo = new PDO($dsn, "root", "123");

// Write the SQL statement as a prepared statement
$sql = "select * from nation";

// Prepare for execution
$st = $pdo->prepare($sql);

// Execute
$st->execute();

// Read the data
var_dump($st->fetchAll(PDO::FETCH_ASSOC));
?>
```


