Pdo
1. Access to different databases
2. Self-service function
3. Preventing SQL injection
Access to your own transactional feature showcase,
1<! DOCTYPE html Public"-//w3c//dtd XHTML 1.0 transitional//en" "Http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd" >234<meta http-equiv= "Content-type" content= "text/html; Charset=utf-8 "/>5<title> Untitled Document </title>67 8<body>9 Ten<?PHP One A /*//1. Building Objects - $dsn = "Mysql:dbname=mydb;host=localhost"; - $pdo = new PDO ($DSN, "root", "123"); the - //2. Writing SQL statements - $sql = "Update Nation set Name= ' orc ' where code= ' n013 '"; - + //3. Executing SQL statements - //$r = $pdo->query ($sql); + $r = $pdo->exec ($sql);*/ A at //Transactional features - //Build Objects - $dsn= "Mysql:dbname=mydb;host=localhost"; - $pdo=NewPDO ($dsn, "root", "123"); - - //Set Exception mode in $pdo->setattribute (pdo::attr_errmode,pdo::errmode_exception); - to + //Write SQL statements - $sql 1= "INSERT into nation values (' n016 ', ' Terran ')"; the $sql 2= "INSERT into nation values (' n017 ', ' Undead ')"; * $ //execute two SQL statementsPanax Notoginseng Try - { the //Start a transaction + $pdo-BeginTransaction (); A the $pdo-exec($sql 1); + $pdo-exec($sql 2); - $ //Commit a transaction $ $pdo-commit (); - } - Catch(pdoexception$e) the { - //$e->getmessage ();Wuyi //Roll back the $pdo-RollBack (); - } - A +?> the - $</body> theThe following is a placeholder for preventing SQL injection question marks
<! DOCTYPE html Public"-//w3c//dtd XHTML 1.0 transitional//en" "Http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd" >PHP//created Objects$dsn= "Mysql:dbname=mydb;host=localhost";$pdo=NewPDO ($dsn, "Root", "");//Write SQL statements, preprocessing statements$sql= "INSERT into nation values (?,?)";//prepares the SQL statement to return the statement object$st=$pdo->prepare ($sql);//Binding Parameters/*$st->bindparam (1, $code); $st->bindparam (2, $name); $code = "n022"; $name = "Dwarf Tribe" ;*/$attr=Array("n023", "Demon Clan");//just throw it right away! Commit execution, not to SQL statements, has passed.Var_dump($st->execute ($attr));//The pre-processing statement is used in the placeholder, given to the array when the index array?></body>Another way to name a placeholder
1<! DOCTYPE html Public"-//w3c//dtd XHTML 1.0 transitional//en" "Http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd" >234<meta http-equiv= "Content-type" content= "text/html; Charset=utf-8 "/>5<title> Untitled Document </title>67 8<body>9 Ten<?PHP One A //created Objects - $dsn= "Mysql:dbname=mydb;host=localhost"; - $pdo=NewPDO ($dsn, "Root", ""); the - //Write SQL statements, pre-processing statements, using name placeholders - $sql= "INSERT into nation values (: Code,:name)";//Notice the colon with the front!! - + //Ready to execute - $st=$pdo->prepare ($sql); + A //Binding Parameters at /*$st->bindparam (": Code", $code, PDO::P aram_str); - $st->bindparam (": Name", $name, PDO::P aram_str); - - $code = "n024"; - $name = "Protoss";*/ - in $attr=Array("Code" = "n025", "name" = "Zerg"); - to //Execution + $st->execute ($attr); //attention to execution methods - the * $?>Panax Notoginseng</body> -A bit of a good thing about name placeholder is that $_post[""] commits the value of the page to be used, eliminating the need to re-assign the steps
Inquire
<! DOCTYPE html Public"-//w3c//dtd XHTML 1.0 transitional//en" "Http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd" >PHP//created Objects$dsn= "Mysql:dbname=mydb;host=localhost";$pdo=NewPDO ($dsn, "root", "123");//Write SQL statements, preprocessing statements$sql= "SELECT * From Nation";//ready to execute$st=$pdo->prepare ($sql);//Execution$st-execute ();//Read DataVar_dump($st->fetchall (PDO::Fetch_assoc)); ?></body>
Basic application of PDO "access to different Databases" "Transactional Features" "Prevent SQL Injection"