PDO (PHP Data Objects)
Connecting:
Closing the connection:
The connection is closed automatically when the script finishes.
To close it manually:
$conn = null;
Creating a database:
<?php
$servername = "localhost";
$username = "username";
$password = "password";
// Defined before the try block so the catch block can always print it
$sql = "CREATE DATABASE test";
try {
    $conn = new PDO("mysql:host=$servername;", $username, $password);
    // Set the PDO error mode to exceptions
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $conn->exec($sql);
    echo "创建数据库成功!"; // "Database created successfully!"
} catch (PDOException $e) {
    echo $sql . $e->getMessage();
}
$conn = null;
?>
Creating a table:
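// Placeholder: put the CREATE TABLE statement here
$sql = "SQL statement";
try {
    // $dbname: name of the database to use, e.g. the "test" database created above
    $conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $conn->exec($sql);
    echo "成功"; // "Success"
} catch (PDOException $e) {
    echo $sql . $e->getMessage();
}
$conn = null;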
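Inserting data:
$sql = "INSERT INTO test(username,age,sex) VALUE('Aicmo','21','1')";
try {
    // $dbname: name of the database to use, e.g. the "test" database created above
    $conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $conn->exec($sql);
    echo "成功"; // "Success"
} catch (PDOException $e) {
    echo $sql . $e->getMessage();
}
$conn = null;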
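Inserting multiple rows:
// $conn is a PDO connection opened as above
try {
    // Begin the transaction
    $conn->beginTransaction();
    // SQL statements (placeholders: put the INSERT statements here)
    $conn->exec("SQL INSERT statement");
    $conn->exec("SQL INSERT statement");
    $conn->exec("SQL INSERT statement");
    // Commit the transaction
    $conn->commit();
    echo "成功"; // "Success"
} catch (PDOException $e) {
    $conn->rollBack(); // roll back the transaction
}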
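PDO prepared statements
try {
    // Prepare the SQL and bind the parameters
    $stmt = $conn->prepare("INSERT INTO test(name,age,sex) VALUES(:name,:age,:sex)");
    $stmt->bindParam(':name', $name);
    $stmt->bindParam(':age', $age);
    $stmt->bindParam(':sex', $sex);
    $name = "aimco";
    $age = "21";
    $sex = "1";
    // Insert the first row
    $stmt->execute();
    // More rows can be inserted: assign new values and call execute() again
    echo "成功"; // "Success"
} catch (PDOException $e) {
    echo $e->getMessage();
}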
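Benefits of prepared statements:
1. Bound parameters reduce the load on the server: only the parameters need to be transmitted, not the whole SQL statement.
2. They prevent SQL injection.
For example, with direct concatenation: select * from test where uid = 1;select * from test2; // the parameter is 1;select * from test2, so select * from test2 is executed as well
With a prepared statement: select * from test where uid = '1;select * from test2'; // the whole string is a single parameter
Prepared statements escape the parameters; this process is transparent.
For example, the query after escaping: select * from test where password = 'ddd\' or \'1\' = \'1';
3. Improves execution efficiency: idk why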
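
The injection case from point 2, as an added example (not code from the original notes): the same lookup built by string concatenation and with a bound parameter, run on the ddd' or '1' = '1 input used above. It assumes the pdo_sqlite extension and uses an in-memory SQLite database in place of the page's MySQL server; the table columns, the sample rows and the helper names findConcatenated and findPrepared are hypothetical.

```php
<?php
// Added example. Assumption: in-memory SQLite stands in for the MySQL server.
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec('CREATE TABLE test (uid INTEGER PRIMARY KEY, name TEXT, password TEXT)');

// Constructed sample rows, inserted with one prepared statement in a transaction.
$rows = [['aimco', 'ddd'], ['bob', 'hunter2'], ['carol', 's3cret']];
$conn->beginTransaction();
try {
    $ins = $conn->prepare('INSERT INTO test (name, password) VALUES (:name, :password)');
    $ins->bindParam(':name', $name);         // bound by reference:
    $ins->bindParam(':password', $password); // values are read at execute()
    foreach ($rows as $row) {
        [$name, $password] = $row;
        $ins->execute();
    }
    $conn->commit();
} catch (PDOException $e) {
    $conn->rollBack();
    throw $e;
}

// Hypothetical helper, deliberately vulnerable: the input becomes part of the
// SQL text, so quotes inside it are parsed as SQL syntax.
function findConcatenated(PDO $conn, string $password): array
{
    $sql = "SELECT name FROM test WHERE password = '" . $password . "'";
    return $conn->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hypothetical helper, hardened: the SQL text is fixed and the input is
// passed as a single value that is only ever compared, never parsed.
function findPrepared(PDO $conn, string $password): array
{
    $stmt = $conn->prepare('SELECT name FROM test WHERE password = :password');
    $stmt->execute([':password' => $password]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$input = "ddd' or '1' = '1"; // the input from the escaping example above

printf("concatenated: %s\n", json_encode(findConcatenated($conn, $input)));
printf("prepared:     %s\n", json_encode(findPrepared($conn, $input)));
printf("prepared ddd: %s\n", json_encode(findPrepared($conn, 'ddd')));
```

With pdo_mysql, prepared statements are emulated on the client by default, which is the transparent escaping described above; setting PDO::ATTR_EMULATE_PREPARES to false makes the driver send the statement and its parameters to the server separately.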