Usage comparison between phppdo and mysqli for mysql connection

Source: Internet
Author: User
Tags sql injection prevention
Usage comparison between phppdo and mysqli for mysql connection

  1. // Pdo

  2. $ Pdo = new pdo ("mysql: host = localhost; dbname = database", 'username', 'password ');

  3. // Mysqli, process-oriented

  4. $ Mysqli = mysqli_connect ('localhost', 'username', 'password', 'database ');

  5. // Mysqli, object-oriented

  6. $ Mysqli = new mysqli ('localhost', 'username', 'password', 'database ');

3. the database supports pdo and multiple databases, but mysqli only supports mysql.

4. name parameterpdo:

  1. $ Params = array (': username' => 'test',': email '=> $ mail,': last_login '=> time ()-3600 );
  2. $ Pdo-> prepare ('
  3. Select * from users
  4. Where username =: username
  5. And email =: email
  6. And last_login>: last_login ');

However, mysqli is troublesome and does not support this. it can only be:

  1. $ Query = $ mysqli-> prepare ('
  2. Select * from users
  3. Where username =?
  4. And email =?
  5. And last_login>? ');
  6. $ Query-> bind_param ('SS', 'test', $ mail, time ()-3600 );
  7. $ Query-> execute ();

In this case, the order of question marks is troublesome and inconvenient.

5. supports orm Ing. for example, there is a class user, for example:

  1. Class User
  2. {
  3. Public $ id;
  4. Public $ first_name;
  5. Public $ last_name;
  6. Public function info ()
  7. {
  8. Return '#'. $ this-> id. ':'. $ this-> first_name. '. $ this-> last_name;
  9. }
  10. }
  11. $ Query = "SELECT id, first_name, last_name FROM users ";
  12. // PDO
  13. $ Result = $ pdo-> query ($ query );
  14. $ Result-> setFetchMode (PDO: FETCH_CLASS, 'User ');
  15. While ($ user = $ result-> fetch ())
  16. {
  17. Echo $ user-> info (). "\ n ";
  18. }

Mysqli uses a process-oriented approach:

  1. If ($ result = mysqli_query ($ mysqli, $ query )){
  2. While ($ user = mysqli_fetch_object ($ result, 'User ')){
  3. Echo $ user-> info (). "\ n ";
  4. }
  5. }

6. prevent SQL injection (php resolves SQL injection prevention methods): manually set pdo

  1. $ Username = pdo: quote ($ _ get ['username']);
  2. $ Pdo-> query ("select * from users where username = $ username ");

Use mysqli:

  1. $ Username = mysqli_real_escape_string ($ _ get ['username']);
  2. $ Mysqli-> query ("select * from users where username = '$ username '");

7. preparestamentpdo mode:

  1. $ Pdo-> prepare ('select * from users where username =: username ');
  2. $ Pdo-> execute (array (': username' = >$ _ get ['username']);

Mysqli method:

  1. $ Query = $ mysqli-> prepare ('select * from users where username =? ');
  2. $ Query-> bind_param ('s ', $ _ get ['username']);
  3. $ Query-> execute ();

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.