PDO
1.访问不同的数据库
2.自带事务功能
3.防止SQL注入(前提是使用预处理语句并绑定参数;直接把用户输入拼接进SQL字符串仍然会被注入)
下面演示数据库访问和自带的事务功能:
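<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>无标题文档</title>
</head>
<body>
<?php
/*
 * Plain (non-transactional) access, kept for reference:
 *
 * // 1. Create the PDO object
 * $dsn = "mysql:dbname=mydb;host=localhost";
 * $pdo = new PDO($dsn,"root","123");
 * // 2. Write the SQL statement
 * $sql = "update nation set name='兽族' where code='n013'";
 * // 3. Execute it: query() returns a statement object, exec() returns
 * //    the number of affected rows
 * //$r = $pdo->query($sql);
 * $r = $pdo->exec($sql);
 */

// Transaction demo: both inserts are applied together or not at all.

// Create the PDO object.
// Demo credentials only: a real application should connect with a
// least-privilege database account (not root) and read the password from
// configuration kept outside the web root.
$dsn = "mysql:dbname=mydb;host=localhost";
$pdo = new PDO($dsn, "root", "123");

// Switch to exception mode so that a failed statement throws PDOException
// and lands in the catch block below instead of failing silently.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// The two statements to run. They contain only constants; anything that
// comes from a request must go through prepare()/execute() instead.
$sql1 = "insert into nation values('n016','人族')";
$sql2 = "insert into nation values('n017','不死族')";

try
{
    // Start the transaction
    $pdo->beginTransaction();
    $pdo->exec($sql1);
    $pdo->exec($sql2);
    // Both inserts succeeded: make them permanent
    $pdo->commit();
}
catch (PDOException $e)
{
    // Record the failure in the server log rather than discarding it;
    // the message is not echoed to the visitor.
    error_log($e->getMessage());
    // Undo the partial work, but only if a transaction is still open
    // (beginTransaction() itself may be the call that failed).
    if ($pdo->inTransaction()) {
        $pdo->rollBack();
    }
}
?>
</body>
</html>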
下面演示防止SQL注入的第一种方法:问号占位符
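<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>无标题文档</title>
</head>
<body>
<?php
// Create the PDO object.
// Demo credentials only: use a least-privilege account and keep the
// password out of the source file in a real application.
$dsn = "mysql:dbname=mydb;host=localhost";
$pdo = new PDO($dsn, "root", "123");

// Throw on errors instead of returning false silently.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// The MySQL driver emulates prepared statements on the client by default.
// Turning emulation off makes prepare() send the statement to the server,
// so the values passed to execute() travel separately from the SQL text.
$pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

// SQL with positional (question-mark) placeholders
$sql = "insert into nation values(?,?)";

// Prepare the statement; prepare() returns a PDOStatement object
$st = $pdo->prepare($sql);

/*
 * Alternative: bind variables one by one (positions are 1-based).
 * bindParam() binds by reference, so the variables may be assigned
 * after binding, as long as that happens before execute().
 *
 * $st->bindParam(1,$code);
 * $st->bindParam(2,$name);
 * $code="n022";
 * $name="矮人族";
 */

// Simpler: hand all values to execute() in one array.
// With ? placeholders this must be an indexed array, in placeholder order.
$attr = array("n023", "魔族");

// Execute; the SQL text is not passed again because it was already prepared
var_dump($st->execute($attr));
?>
</body>
</html>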
另一种方法:名称占位符
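<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>无标题文档</title>
</head>
<body>
<?php
// Create the PDO object.
// Demo credentials only: use a least-privilege account and keep the
// password out of the source file in a real application.
$dsn = "mysql:dbname=mydb;host=localhost";
$pdo = new PDO($dsn, "root", "123");

// Throw on errors instead of returning false silently.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Use server-side prepared statements rather than the driver's default
// client-side emulation, so bound values never become part of the SQL text.
$pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

// SQL with named placeholders; each name is prefixed with a colon
$sql = "insert into nation values(:code,:name)";

// Prepare the statement
$st = $pdo->prepare($sql);

/*
 * Alternative: bind variables one by one, with an explicit type.
 *
 * $st->bindParam(":code",$code,PDO::PARAM_STR);
 * $st->bindParam(":name",$name,PDO::PARAM_STR);
 * $code="n024";
 * $name="狼族";
 */

// Simpler: pass an associative array whose keys match the placeholder names
$attr = array("code" => "n025", "name" => "虫族");

// Execute
$st->execute($attr);
?>
</body>
</html>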
最后是名称占位的好处
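<?php
// Create the PDO object.
// Demo credentials only: use a least-privilege account and keep the
// password out of the source file in a real application.
$dsn = "mysql:dbname=mydb;host=localhost";
$pdo = new PDO($dsn, "root", "123");

// Throw on errors instead of returning false silently.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Use server-side prepared statements rather than the driver's default
// client-side emulation, so bound values never become part of the SQL text.
$pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

// SQL with named placeholders
$sql = "insert into nation values(:code,:name)";

// Prepare the statement
$st = $pdo->prepare($sql);

// Advantage of named placeholders: when the form fields carry the same
// names as the placeholders, the posted values map onto them directly.
//
// $_POST is not handed to execute() as-is, though. PDO rejects an array
// that contains more keys than the statement has placeholders, so any extra
// field in the request (a submit button, a token, something a client added)
// makes the insert fail, and an array-valued field would be bound as the
// string "Array". Copy only the expected fields, and only if they are strings.
$params = array();
foreach (array("code", "name") as $field) {
    if (!isset($_POST[$field]) || !is_string($_POST[$field])) {
        http_response_code(400);
        exit("Missing or invalid field: " . $field);
    }
    $params[$field] = $_POST[$field];
}

// Execute with the filtered values
$st->execute($params);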
最后是查询！！
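<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>无标题文档</title>
</head>
<body>
<?php
// Create the PDO object.
// Demo credentials only: use a least-privilege account and keep the
// password out of the source file in a real application.
$dsn = "mysql:dbname=mydb;host=localhost";
$pdo = new PDO($dsn, "root", "123");

// Throw on errors instead of returning false silently.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// The query has no parameters here. If a WHERE clause is added later, use
// placeholders for its values rather than concatenating them into $sql.
$sql = "select * from nation";

// Prepare the statement
$st = $pdo->prepare($sql);

// Execute
$st->execute();

// Read every row as an associative array (column name => value).
// var_dump() is debugging output; escape values with htmlspecialchars()
// before printing them into a real page.
var_dump($st->fetchAll(PDO::FETCH_ASSOC));
?>
</body>
</html>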