pdo 预处理
1.将用户数据作为参数与 SQL 语句分开传递(而不是拼接进 SQL 字符串), 防止 SQL 注入, 用于提高安全性
2.提高批量操作的性能
登录安全
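// Login check with a prepared statement.
// Read the submitted credentials; a missing field or a non-string value
// (e.g. array input such as name[]=x) is treated as an empty string.
$name = isset($_POST['name']) && is_string($_POST['name']) ? $_POST['name'] : '';
$pwd  = isset($_POST['pwd']) && is_string($_POST['pwd']) ? $_POST['pwd'] : '';

// NOTE(review): connecting as root is for the local demo only; an application
// should use an account limited to the tables it needs.
$pdo = new PDO("mysql:host=localhost;dbname=user", 'root', 'root');
// Use server-side prepares so the values are sent separately from the SQL text.
$pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

// The SQL text contains only placeholders. Interpolating {$name}/{$pwd} into
// the string and calling prepare() afterwards protects nothing: the input is
// already part of the statement and there is no placeholder left to bind.
$sql = "select * from info where name = ? and pwd = ?";
$res = $pdo->prepare($sql);
$res->bindValue(1, $name);
$res->bindValue(2, $pwd);
// Without execute() the statement never runs and no row can be found.
$res->execute();

// NOTE(review): the info table in this tutorial holds passwords in clear text.
// A real login stores password_hash() output, selects the row by name only and
// checks the submitted password with password_verify().
// fetch() is used instead of rowCount(), which is not reliable for SELECT on
// every driver.
if ($res->fetch() !== false) {
    echo "登录成功";
} else {
    echo "登录失败";
}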
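// Insert one row through a prepared statement and print the affected-row
// count followed by the new auto-increment id.
try {
    $pdo = new PDO("mysql:host=localhost;dbname=user", 'root', 'root');
    // Report SQL errors as PDOException instead of a silent false return.
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

    // The values must be placeholders: with literals written into the SQL text
    // there is nothing for bindValue(1, ...) / bindValue(2, ...) to bind to.
    $sql = "insert into info (name,pwd)VALUES (?,?)";
    $obj = $pdo->prepare($sql);
    // var_dump($obj) at this point shows a PDOStatement whose queryString
    // property is the SQL template passed to prepare().

    // NOTE(review): the password is stored as given here; a real application
    // stores the output of password_hash() instead.
    $obj->bindValue(1, 'root123'); // bind first placeholder (name)
    $obj->bindValue(2, '123123');  // bind second placeholder (pwd)
    $obj->execute();

    echo $rows = $obj->rowCount();   // number of affected rows
    echo $id = $pdo->lastInsertId(); // auto-increment id of the new row
} catch (PDOException $a) {
    // Demo only: the driver message can reveal schema and connection details,
    // so outside a tutorial it belongs in the log, not in the response.
    echo $a->getMessage();
}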
绑定的几种形式
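// Four ways to bind parameters. $pdo is the connection created earlier.

// 1) Positional placeholders with bindValue(): the value is copied when
//    bindValue() is called, so literals are fine.
$sql = "insert into info (name,pwd)VALUES (?,?)";
$obj = $pdo->prepare($sql);
$obj->bindValue(1, 'root123');
$obj->bindValue(2, '123123');
$obj->execute();

// 2) Named placeholders with bindValue(). A literal can only be passed to
//    bindValue(); bindParam() takes its argument by reference and fails on a
//    literal, so bindValue() is used for both parameters here.
$sql = "insert into info (name,pwd)VALUES (:name,:pwd)";
$obj = $pdo->prepare($sql);
$obj->bindValue(':name', 'root123');
$obj->bindValue('pwd', '123123'); // the leading colon may be omitted
$obj->execute();

// 3) Positional placeholders with bindParam(): binds the variable by
//    reference, so a variable (not a literal) is required; its value is read
//    when execute() runs.
$sql = "insert into info (name,pwd)VALUES (?,?)";
$obj = $pdo->prepare($sql);
$name = 'pdo5';
$pwd = 'pdo5';
$obj->bindParam(1, $name);
$obj->bindParam(2, $pwd);
$obj->execute();

// 4) Named placeholders with bindParam(): same by-reference rule as above.
$sql = "insert into info (name,pwd)VALUES (:n,:p)";
$obj = $pdo->prepare($sql);
$name = 'pdo5';
$pwd = 'pdo5';
$obj->bindParam(':n', $name);
$obj->bindParam(':p', $pwd);
$obj->execute();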
批量添加
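// Batch insert: one prepared statement executed once per row, inside a single
// transaction so that either all rows are stored or none.
try {
    $pdo = new PDO("mysql:host=localhost;dbname=user", 'root', 'root');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

    // beginTransaction() suspends autocommit until commit()/rollBack(), so
    // PDO::ATTR_AUTOCOMMIT does not need to be switched off separately.
    $pdo->beginTransaction();

    $arr = [
        ['pdo32', '12312312'],
        ['pdo43', '12312312'],
        ['pdo24', '12312312'],
    ];

    // Prepared once, executed per row: each inner array supplies the two
    // positional parameters in order.
    $sql = "insert into info (name,pwd)VALUES (?,?)";
    $obj = $pdo->prepare($sql);
    foreach ($arr as $val) {
        $obj->execute($val);
    }

    $pdo->commit();
} catch (PDOException $a) {
    // Undo the rows inserted before the failure. $pdo is unset when the
    // connection itself failed, hence the isset() guard.
    if (isset($pdo) && $pdo->inTransaction()) {
        $pdo->rollBack();
    }
    // Demo only: outside a tutorial the driver message belongs in the log,
    // not in the response.
    echo $a->getMessage();
}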