php部分---PDO;
PDO
数据访问抽象层
PDO的三个功能:
1.操作其它数据库
2.事务功能
3.防止SQL注入攻击(通过预处理语句和参数绑定实现)
操作数据库:
造PDO对象
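// Build the PDO object. The DSN names the driver (mysql), the database and the host.
// NOTE(review): root / "123" are the tutorial's demo values; a real application should
// connect with a least-privilege account and read the password from configuration.
$dsn = "mysql:dbname=mydb;host=localhost"; // data source
$pdo = new PDO($dsn, "root", "123");

// Write the SQL statement. Both statements here are fixed literals; SQL that carries
// request data belongs in prepare()/execute(), not in query()/exec().
$sql = "select * from nation";
//$sql = "insert into nation values('n077','数据')";

// Execute it.
// query() runs a SELECT and returns a PDOStatement object;
// exec() runs any other statement and returns the number of affected rows.
$a = $pdo->query($sql);   // run the query
//$a = $pdo->exec($sql);  // run a non-query statement
//var_dump($a);

// Read rows from the PDOStatement returned by query(). The original listing called
// fetch() on $attr, which is not defined at this point; the statement object is $a.
//$arr = $a->fetchAll(PDO::FETCH_BOTH); // every row, with both numeric and associative keys
$arr = $a->fetch(PDO::FETCH_ASSOC);     // next row as an associative array
//var_dump($arr);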
//事务功能
//事务:能够控制语句同时成功同时失败,失败时可以回滚
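// NOTE(review): root / "123" are demo credentials; use a least-privilege account in real code.
$dsn = "mysql:dbname=mydb;host=localhost";
$pdo = new PDO($dsn, "root", "123");

// Exception mode: a failing statement throws instead of returning false,
// which is what lets the catch block below see the failure and roll back.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

try {
    // Start the transaction. This is the point a rollback returns to.
    $pdo->beginTransaction();

    $sql1 = "insert into nation values('n080','是删')";
    $sql2 = "insert into nation values('n070','好几款')";
    $sql3 = "insert into nation values('n075','好几款')";

    $pdo->exec($sql1);
    $pdo->exec($sql2);
    $pdo->exec($sql3);

    // All three inserts succeeded: make them permanent.
    $pdo->commit();
} catch (Exception $e) {
    // Something in the try block failed: undo whatever was done.
    // Guarded, because if beginTransaction() itself threw there is no open
    // transaction and rollBack() would throw a second exception.
    if ($pdo->inTransaction()) {
        $pdo->rollBack();
    }

    // Record the failure on the server rather than discarding it. Avoid echoing
    // $e->getMessage() to the client: driver messages can expose table and column names.
    error_log($e->getMessage());
}
// A `finally { ... }` block (the keyword is `finally`, not `final()`) would run
// whether or not the try block threw.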
预处理语句防止SQL注入:
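// Connection used by the prepared-statement examples.
// NOTE(review): root / "123" are demo credentials; use a least-privilege account in real code.
$dsn = "mysql:dbname=mydb;host=localhost";
$pdo = new PDO($dsn, "root", "123", array(
    // Throw PDOException on failure so a failed prepare()/execute() cannot go unnoticed.
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    // Use the server's native prepared statements. With the MySQL driver's default
    // (emulated prepares) PDO builds the final SQL string itself; with native prepares
    // the statement and the values are sent to the server separately.
    PDO::ATTR_EMULATE_PREPARES => false,
));
//$code = "n005";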
第一种方式:SQL语句里面需要加占位符 ?
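// The SQL text contains only ? placeholders. The values are supplied separately at
// execute() time, so they are treated as data and never parsed as SQL.
//$sql = "select * from nation where code=?";
$sql = "insert into nation values(?,?)";

// Prepare the statement; prepare() returns a PDOStatement object.
$st = $pdo->prepare($sql);

// Option 1: bind each placeholder by its 1-based position.
// bindParam() binds the variable by reference and reads its value when execute()
// runs, which is why the assignment may come after the bind call.
//$st->bindParam(1,$code);
//$st->bindParam(2,$name);
//$name = "测试1";

// Option 2: pass an indexed array whose elements are in placeholder order.
$attr = array("n006","测试2");

// Run the statement with those values.
$st->execute($attr);
//$attr = $st->fetchAll();
//var_dump($attr);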
第二种方式:占位符是字符串
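// Named placeholders: each value is identified by name instead of by position.
$sql = "insert into nation values(:code,:name)";
$st = $pdo->prepare($sql);

// Option 1: bind each named placeholder to a variable, declaring it a string.
//$st->bindParam(":code",$code,PDO::PARAM_STR);
//$st->bindParam(":name",$name,PDO::PARAM_STR);
//$code = "n007";
//$name = "测试3";

// Option 2: pass an associative array whose keys match the placeholder names.
$attr = array("code"=>"n008","name"=>"测试4");
$st->execute($attr);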
字符串占位符的例子:
客户端页面
<!-- Posts the fields "code" and "name" to addchuli.php; the field names match
     the :code and :name placeholders used by the handler page. -->
<form action="addchuli.php" method="post">
    <div>代号:<input type="text" name="code" /></div>
    <div>名称:<input type="text" name="name" /></div>
    <input type="submit" value="添加" />
</form>
处理页面
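<?php
// Handler page for the form above: inserts the posted code/name into `nation`.
// NOTE(review): root / "123" are demo credentials; use a least-privilege account in real code.
$dsn = "mysql:dbname=mydb;host=localhost";
$pdo = new PDO($dsn,"root","123");

// Named placeholders
$sql = "insert into nation values(:code,:name)";
$st = $pdo->prepare($sql);

// Option 1: bind each named placeholder to a variable.
//$st->bindParam(":code",$code,PDO::PARAM_STR);
//$st->bindParam(":name",$name,PDO::PARAM_STR);
//$code = "n007";
//$name = "测试3";

// Option 2: pass the posted values to execute().
// $_POST is an associative array keyed by the form field names (code, name), not a
// two-dimensional indexed array. It is not passed to execute() as-is: the client
// decides which fields are posted, execute() fails when the array holds a key with
// no matching placeholder, and a field sent as code[]=... arrives as an array, not
// a string. Only the two expected fields are read, and each must be a non-empty string.
$code = isset($_POST["code"]) ? $_POST["code"] : null;
$name = isset($_POST["name"]) ? $_POST["name"] : null;

if (!is_string($code) || !is_string($name) || $code === "" || $name === "") {
    http_response_code(400);
    exit("code and name are required");
}

$st->execute(array("code" => $code, "name" => $name));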