
PDO预处理

分类:PHP高级时间:2018-01-08浏览:3195

pdo 预处理

1.对用户的数据进行过滤(准确地说,是通过占位符和参数绑定,把数据与 SQL 语句分开传给数据库,而不是对字符做过滤;因此 SQL 语句里必须使用占位符,不能再拼接变量), 用于提高安全性 2.提高批量操作的性能

登录安全

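// Login check using a real prepared statement.
//
// The original listing interpolated $name and $pwd into the SQL string and
// then called prepare() on it. That gives no protection: the user input is
// already part of the SQL text, and the statement contains no placeholders
// for bindValue() to fill. It also never called execute(), so rowCount()
// had nothing to report.

// Read the submitted credentials; a missing field or a non-string value
// (e.g. an array) is treated as an empty string.
$name = isset($_POST['name']) && is_string($_POST['name']) ? $_POST['name'] : '';
$pwd  = isset($_POST['pwd']) && is_string($_POST['pwd']) ? $_POST['pwd'] : '';

// NOTE(review): root/root is the demo account used throughout this page;
// a real application should connect with a dedicated low-privilege account
// and load the credentials from configuration.
$pdo = new PDO("mysql:host=localhost;dbname=user",'root','root');
// Report database errors as exceptions, as the other listings on this page do.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// The SQL text contains only placeholders; the values travel separately.
$sql = "select * from info where name=? and pwd=?";

$res = $pdo->prepare($sql);
$res->bindValue(1, $name);
$res->bindValue(2, $pwd);
$res->execute();

// NOTE(review): this compares the password as stored text, matching the
// table used on this page. Passwords should be stored with password_hash()
// and checked with password_verify() instead.

// fetch() returns false when no row matched; rowCount() is not reliable
// for SELECT statements on every driver.
if($res->fetch() !== false){
    echo "登录成功";
}else{
    echo "登录失败";
}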
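// Insert one row through a prepared statement and report the affected row
// count and the generated auto-increment id.
try{
    $pdo = new PDO("mysql:host=localhost;dbname=user",'root','root');
    // Make PDO throw PDOException on errors instead of failing silently.
    $pdo->setAttribute(PDO::ATTR_ERRMODE,PDO::ERRMODE_EXCEPTION);

    // The statement must contain placeholders for bindValue() to fill.
    // The original listing hard-coded the values in the SQL text, so the
    // two bindValue() calls below had no parameter to bind to.
    $sql = "insert into info (name,pwd)VALUES (?,?)";
    $obj = $pdo->prepare($sql);
    // prepare() returns a PDOStatement; var_dump($obj) shows its
    // 'queryString' property, which holds the SQL template above.

    $obj->bindValue(1, 'root123'); // bind the first placeholder
    $obj->bindValue(2,'123123');   // bind the second placeholder
    $obj->execute();

    echo $rows = $obj->rowCount();   // number of affected rows
    echo $id = $pdo->lastInsertId(); // auto-increment id of the new row


}catch(PDOException $a){
    // NOTE(review): printing the driver message is fine while learning, but
    // it exposes database details; in production log it and show a generic
    // error instead.
    echo $a->getMessage();
}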

绑定的几种形式

    // Form 1: positional (?) placeholders filled with bindValue().
    // Positions are 1-based; PDO::PARAM_STR is bindValue()'s default type.
    $stmt = $pdo->prepare("insert into info (name,pwd)VALUES (?,?)");
    $stmt->bindValue(1, 'root123', PDO::PARAM_STR);
    $stmt->bindValue(2, '123123', PDO::PARAM_STR);
    $stmt->execute();


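    // Form 2: named placeholders filled with bindValue().
    $sql = "insert into info (name,pwd)VALUES (:name,:pwd)";
    $obj = $pdo->prepare($sql);
    // bindValue() takes the value itself, so a literal can be passed directly.
    // bindParam() binds a variable by reference and cannot be given a literal,
    // which is why the original bindParam(':name', 'root123') call fails.
    $obj->bindValue(':name', 'root123');
    $obj->bindValue(':pwd','123123');
    $obj->execute();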


    // Form 3: positional placeholders bound by reference with bindParam().
    // bindParam() needs variables, not literals; their values are read
    // when execute() runs.
    $name = 'pdo5';
    $pwd = 'pdo5';
    $stmt = $pdo->prepare("insert into info (name,pwd)VALUES (?,?)");
    $stmt->bindParam(1, $name);
    $stmt->bindParam(2, $pwd);
    $stmt->execute();

    // Form 4: named placeholders bound by reference with bindParam().
    // As with the positional form, variables are required instead of literals.
    $name = 'pdo5';
    $pwd = 'pdo5';
    $stmt = $pdo->prepare("insert into info (name,pwd)VALUES (:n,:p)");
    $stmt->bindParam(':n', $name);
    $stmt->bindParam(':p', $pwd);
    $stmt->execute();


批量添加

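// Batch insert: prepare the statement once, execute it for every row, and
// wrap the whole batch in one transaction so it is committed or undone
// as a unit.
try{
    $pdo = new PDO("mysql:host=localhost;dbname=user",'root','root');

    $pdo->setAttribute(PDO::ATTR_ERRMODE,PDO::ERRMODE_EXCEPTION);
    // beginTransaction() already suspends autocommit until commit() or
    // rollBack(). Switching PDO::ATTR_AUTOCOMMIT off as well would leave the
    // connection in manual-commit mode after this batch, so later writes
    // outside a transaction would silently never be committed.
    $pdo->beginTransaction(); // start the transaction

    // Each entry is [name, pwd], in the order of the placeholders below.
    $arr= [
        ['pdo32', '12312312'],
        ['pdo43', '12312312'],
        ['pdo24', '12312312']
    ];
    $sql = "insert into info (name,pwd)VALUES (?,?)";
    $obj = $pdo->prepare($sql);
    foreach($arr as $val){
        $obj->execute($val); // bind this row's values and insert it
    }
    $pdo->commit(); // commit the transaction


}catch( PDOException $a){
    // Undo a half-finished batch. $pdo is unset if the connection itself
    // failed, hence the isset() guard.
    if (isset($pdo) && $pdo->inTransaction()) {
        $pdo->rollBack();
    }
    // NOTE(review): in production, log this message instead of printing it;
    // driver messages expose database details.
    echo $a->getMessage();

}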