pdo事务功能和防止sql注入功能

DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns&＃61;"http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv&＃61;"Content-Type" content&＃61;"text/html; charset&＃61;utf-8" />
<title>无标题文档title>
head><body>php/*//1.造对象
$dsn &＃61; "mysql:dbname&＃61;mydb;host&＃61;localhost";
$pdo &＃61; new PDO($dsn,"root","123");//2.写SQL语句
$sql &＃61; "update nation set name&＃61;&＃39;兽族&＃39; where code&＃61;&＃39;n013&＃39;";//3.执行SQL语句
//$r &＃61; $pdo->query($sql);
$r &＃61; $pdo->exec($sql);*///事务功能
//造对象
$dsn &＃61; "mysql:dbname&＃61;mydb;host&＃61;localhost";
$pdo &＃61; new PDO($dsn,"root","123");//设置异常模式
$pdo->setAttribute(PDO::ATTR_ERRMODE,PDO::ERRMODE_EXCEPTION);//写SQL语句
$sql1 &＃61; "insert into nation values(&＃39;n016&＃39;,&＃39;人族&＃39;)";
$sql2 &＃61; "insert into nation values(&＃39;n017&＃39;,&＃39;不死族&＃39;)";//执行两条SQL语句
try
{//启动事务$pdo->beginTransaction();$pdo->exec($sql1);$pdo->exec($sql2);//提交事务$pdo->commit();
}
catch(PDOException $e)
{//$e->getMessage();//回滚$pdo->rollBack();
}?>body>
html>

DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns&＃61;"http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv&＃61;"Content-Type" content&＃61;"text/html; charset&＃61;utf-8" />
<title>无标题文档title>
head><body>
php//造对象
$dsn &＃61; "mysql:dbname&＃61;mydb;host&＃61;localhost";
$pdo &＃61; new PDO($dsn,"root","123");//写SQL语句,预处理语句
$sql &＃61; "insert into nation values(?,?)";//准备SQL语句,返回statement对象
$st &＃61; $pdo->prepare($sql);//绑定参数
/*$st->bindParam(1,$code);
$st->bindParam(2,$name);$code&＃61;"n022";
$name&＃61;"矮人族";*/$attr &＃61; array("n023","魔族"); //直接扔就可以了&＃xff01;//提交执行,不用给SQL语句了&＃xff0c;已经传过去了
var_dump($st->execute($attr));//预处理语句里面用?占位的&＃xff0c;给数组的时候要给索引数组?>
body>
html>

DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns&＃61;"http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv&＃61;"Content-Type" content&＃61;"text/html; charset&＃61;utf-8" />
<title>无标题文档title>
head><body>php//造对象
$dsn &＃61; "mysql:dbname&＃61;mydb;host&＃61;localhost";
$pdo &＃61; new PDO($dsn,"root","123");//写SQL语句,预处理语句&＃xff0c;使用name占位
$sql &＃61; "insert into nation values(:code,:name)"; //注意用前面加冒号&＃xff01;&＃xff01;//准备执行
$st &＃61; $pdo->prepare($sql);//绑定参数
/*$st->bindParam(":code",$code,PDO::PARAM_STR);
$st->bindParam(":name",$name,PDO::PARAM_STR);$code&＃61;"n024";
$name&＃61;"狼族";*/$attr &＃61; array("code"&＃61;>"n025","name"&＃61;>"虫族");//执行
$st->execute($attr);?>
body>
html>

php
//造对象
$dsn &＃61; "mysql:dbname&＃61;mydb;host&＃61;localhost";
$pdo &＃61; new PDO($dsn,"root","123");//写SQL语句,预处理语句&＃xff0c;使用name占位
$sql &＃61; "insert into nation values(:code,:name)";//准备执行
$st &＃61; $pdo->prepare($sql);//执行
$st->execute($_POST); 这个post 和提交的一样直接就赋值了&＃xff01;

DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns&＃61;"http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv&＃61;"Content-Type" content&＃61;"text/html; charset&＃61;utf-8" />
<title>无标题文档title>
head><body>
php//造对象
$dsn &＃61; "mysql:dbname&＃61;mydb;host&＃61;localhost";
$pdo &＃61; new PDO($dsn,"root","123");//写SQL语句,预处理语句
$sql &＃61; "select * from nation";//准备执行
$st &＃61; $pdo->prepare($sql);//执行
$st->execute();//读数据
var_dump($st->fetchAll(PDO::FETCH_ASSOC)); ?>
body>
html>