// PDO
- $pdo = new PDO("mysql:host=localhost;dbname=database", 'username', 'password');
// mysqli, procedural style
- $mysqli = mysqli_connect('localhost', 'username', 'password', 'database');
// mysqli, object-oriented style
- $mysqli = new mysqli('localhost', 'username', 'password', 'database');
3. Database support: PDO supports multiple databases, but mysqli only supports MySQL.
4. Named parameters. PDO:
- $params = array(':username' => 'test', ':email' => $mail, ':last_login' => time() - 3600);
- $query = $pdo->prepare('
-     SELECT * FROM users
-     WHERE username = :username
-     AND email = :email
-     AND last_login > :last_login');
- // The values are matched to the placeholders by name
- $query->execute($params);
mysqli, however, does not support named parameters. It only offers positional placeholders:
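- $query = $mysqli->prepare('
-     SELECT * FROM users
-     WHERE username = ?
-     AND email = ?
-     AND last_login > ?');
- // bind_param() takes its arguments by reference, so literals go into variables first
- $username = 'test';
- $last_login = time() - 3600;
- // One type character per placeholder: string, string, integer
- $query->bind_param('ssi', $username, $mail, $last_login);
- $query->execute();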
In this case the values have to be bound in the same order as the question marks, which is inconvenient.
5. Object mapping (ORM) support. For example, given a class User:
- class User
- {
-     public $id;
-     public $first_name;
-     public $last_name;
-     public function info()
-     {
-         return '#' . $this->id . ': ' . $this->first_name . ' ' . $this->last_name;
-     }
- }
- $query = "SELECT id, first_name, last_name FROM users";
- // PDO
- $result = $pdo->query($query);
- $result->setFetchMode(PDO::FETCH_CLASS, 'User');
- while ($user = $result->fetch())
- {
-     echo $user->info() . "\n";
- }
mysqli, procedural style:
- if ($result = mysqli_query($mysqli, $query)) {
-     while ($user = mysqli_fetch_object($result, 'User')) {
-         echo $user->info() . "\n";
-     }
- }
6. Preventing SQL injection by escaping manually. PDO:
- // quote() is an instance method; it escapes the value and wraps it in quotes
- $username = $pdo->quote($_GET['username']);
- $pdo->query("SELECT * FROM users WHERE username = $username");
Use mysqli:
- // The procedural form takes the connection as its first argument
- $username = mysqli_real_escape_string($mysqli, $_GET['username']);
- $mysqli->query("SELECT * FROM users WHERE username = '$username'");
7. Prepared statements. PDO:
- // prepare() returns the statement object; execute() is called on that object
- $query = $pdo->prepare('SELECT * FROM users WHERE username = :username');
- $query->execute(array(':username' => $_GET['username']));
mysqli:
- $query = $mysqli->prepare('SELECT * FROM users WHERE username = ?');
- $query->bind_param('s', $_GET['username']);
- $query->execute();
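Items 6 and 7 side by side, as an added example that is not part of the original article: escaping only protects a value that ends up inside quotes, while a bound parameter is never parsed as SQL. It assumes the pdo_sqlite driver is available; the table, its rows, the inputs and the helper names escape_only(), find_escaped() and find_prepared() are constructed for illustration.

```php
<?php
// Added example; the schema, rows and inputs are constructed for illustration.
$pdo = new PDO('sqlite::memory:');            // assumes the pdo_sqlite driver
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT, last_login INTEGER)');
$pdo->exec("INSERT INTO users VALUES ('alice', 100), ('bob', 200), ('carol', 300)");

// Hypothetical helper: escapes quote characters but adds no surrounding
// quotes, as mysqli_real_escape_string() also adds none.
function escape_only(string $value): string
{
    return str_replace("'", "''", $value);
}

// Item 6 style: escaped value concatenated into a numeric context.
function find_escaped(PDO $pdo, string $input): array
{
    $sql = 'SELECT username FROM users WHERE last_login > ' . escape_only($input);
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Item 7 style: the value is bound and never parsed as SQL.
function find_prepared(PDO $pdo, string $input): array
{
    $stmt = $pdo->prepare('SELECT username FROM users WHERE last_login > :last_login');
    $stmt->execute(array(':last_login' => $input));
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$inputs = array(
    'expected' => '250',
    'crafted'  => '250 OR 1=1',   // contains nothing for the escaper to escape
);
foreach ($inputs as $label => $input) {
    printf("%-8s escaped:  %s\n", $label, implode(',', find_escaped($pdo, $input)));
    printf("%-8s prepared: %s\n", $label, implode(',', find_prepared($pdo, $input)));
}
```

With the crafted input the concatenated query returns every row, while the prepared statement compares the whole string as one value and matches nothing.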