php访问mysql讲述.pptxVIP

MySql APIs in PHP MySql APIs mysql Original MySQL API mysqli MySQL “improved” API PDO PHP Data Objects MySql APIs mysql mysqli PDO Introduced v2.0 v5.0 v5.1 Deprecated v5.5 - - Included with PHP Yes Yes Yes Pre-configured for MySQL Yes Yes Other db supported Yes Procedual Interface Yes Yes Object-oriented Interface Yes Yes Prepared statements Yes Yes Procedual vs OO Procedual Object-oriented mysqli_connect $mysqli = new mysqli mysqli_connect_errno $mysqli -connect_errno mysqli_connect_error $mysqli-connect_error mysqli_real_escape_string $mysqli-real_escape_string mysqli_query $mysqli-query mysqli_fetch_assoc $mysqli-fetch_assoc mysqli_close $mysqli-close Connect to MySql PHP - MySql (5 steps) Create a database connection Perform database query Use returned data(if any) Release returned data Close database connection Step 1 Create database connection mysqli_connect() mysqli_connect_errno() mysqli_connect_error() mysqli_set_charset($conn, utf8); $conn = mysqli_connect($db_host, $db_user, $db_pass, $db_name); Step 2 Perform database query mysqli_query() Step 3 Use returned data mysqli_fetch_row() keys are integers(standard array) mysqli_fetch_assoc() associative array, keys are column names mysqli_fetch_array() either or both types of arrays MYSQL_NUM, MYSQL_ASSOC, MYSQL_BOTH Step 4 Release returned data mysqli_free_result() Step 5 Close database connection mysqli_close() insert mysqli_query() mysqli_insert_id() mysqli_affected_rows() Success Failure select resourse(结果集对象) false insert true false update true false delete true false SQL Injection 表单中填入精心构造的SQL脚本 例如: 正常条件 or 1 防止SQL injection 对接收的表单数据进行转义 mysqli_real_escape_string($conn, $string) Prepared Statements Prepare statement once, reuse many times Faster Separate query from dynamic data Prevents SQL injection Prepared Statements $query = “select id, name, age ”; $query .= “from student ”; $query .= “where id = ? and name = ?”; $stmt = mysqli_prepare($conn, $query); mysqli_stmt_bind_param($stmt, ‘ss’, $id, $na