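What is PDO?
PDO is short for PHP Data Objects. It is described as "a lightweight, consistent interface for accessing databases in PHP".
Benefits of PDO:
- Protection against SQL injection attacks, through prepared statements.
- Generic: it can connect to many types of database.
Connecting to a database with PDO: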
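// DSN: driver name, database name and host
$dsn = 'mysql:dbname=blog;host=localhost';
$user = 'root';
$pwd = '';
try {
    // The constructor throws PDOException if the connection fails
    $pdo = new PDO($dsn, $user, $pwd);
} catch (PDOException $e) {
    var_dump($e->getMessage());
}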
Basic PDO operations:
bool beginTransaction(void) // begins a transaction
bool commit(void) // commits a transaction
int exec (string $statement) // for statements that modify data; returns the number of affected rows
public PDOStatement query(string $statement) // executes a query statement
public PDOStatement prepare (string $statement [, array $driver_options = array() ]) // prepares an SQL statement; the statement becomes a PDOStatement object, and later operations use the PDOStatement methods
string lastInsertId ([string $name = null]) // returns the ID of the last inserted row
PDOStatement methods:
bool bindParam ( mixed $parameter , mixed &$variable [, int $data_type = PDO::PARAM_STR [, int $length [, mixed $driver_options ]]] ) // binds a parameter
array fetchAll ([ int $fetch_style [, mixed $fetch_argument [, array $ctor_args = array() ]]] ) // fetches all rows
mixed fetch ([ int $fetch_style [, int $cursor_orientation = PDO::FETCH_ORI_NEXT [, int $cursor_offset = 0 ]]] ) // fetches a single row
bool execute ([ array $input_parameters ] ) // executes the SQL statement; any PDOStatement object is run with this
Ways to use PDO prepared statements:
$dsn = 'mysql:dbname=blog;host=localhost';
$user = 'root';
$pwd = '';
try {
    $pdo = new PDO($dsn, $user, $pwd);
} catch (Exception $e) {
    var_dump($e->getMessage());
}
Method 1:
$sql = 'select mname , mcontent from message where id > :id';
$pre = $pdo->prepare($sql);
$pre->execute([':id' => 5]);
var_dump($pre->fetchAll());
---------------------------------------------
Method 2:
$sql = 'select mname , mcontent from message where id > ?';
$pre = $pdo->prepare($sql);
$pre->execute([5]);
var_dump($pre->fetchAll());
--------------------------------------------
Method 3:
$sql = 'select mname , mcontent from message where id > ?';
$pre = $pdo->prepare($sql);
$num = 5;
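$pre->bindParam(1,$num); // Note: bindParam() takes its second argument by reference, so it cannot be a literal number;
$pre->execute(); // to bind a number, put it in a variable first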
var_dump($pre->fetchAll());
---------------------------------------------
Method 4:
$sql = 'select mname , mcontent from message where id > :id ';
$pre = $pdo->prepare($sql);
$num = 5;
$pre->bindParam(':id',$num);
$pre->execute();
var_dump($pre->fetchAll());
----------------------------------------------
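The injection protection listed under the benefits, and the by-reference behaviour of bindParam() noted in Method 3, shown together as an added example (not part of the original notes). It assumes the pdo_sqlite extension and uses an in-memory SQLite database in place of the page's MySQL blog database; the rows, the hostile input and the helper names findUnsafe/findSafe are constructed for illustration.

```php
<?php
// Added example: SQLite in-memory stands in for the page's MySQL "blog" database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // throw on SQL errors
$pdo->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);

// Constructed sample rows for the message table used on this page.
$pdo->exec('CREATE TABLE message (id INTEGER PRIMARY KEY, mname TEXT, mcontent TEXT)');
$ins = $pdo->prepare('INSERT INTO message (mname, mcontent) VALUES (:mname, :mcontent)');
foreach ([['alice', 'hello'], ['bob', 'private note'], ['carol', 'hi']] as [$n, $c]) {
    $ins->execute([':mname' => $n, ':mcontent' => $c]);
}

// Constructed hostile input: a value that carries SQL syntax.
$input = "alice' OR '1'='1";

// Unsafe (hypothetical helper): the value is pasted into the SQL text, so its
// quote closes the string literal and the rest is parsed as part of the WHERE clause.
function findUnsafe(PDO $pdo, string $name): array
{
    $sql = "SELECT mname, mcontent FROM message WHERE mname = '$name'";
    return $pdo->query($sql)->fetchAll();
}

// Safe (hypothetical helper): the SQL text is fixed at prepare(); the value is
// passed separately and is only ever compared as data.
function findSafe(PDO $pdo, string $name): array
{
    $pre = $pdo->prepare('SELECT mname, mcontent FROM message WHERE mname = :mname');
    $pre->execute([':mname' => $name]);
    return $pre->fetchAll();
}

printf("concatenated query: %d rows\n", count(findUnsafe($pdo, $input)));
printf("prepared statement: %d rows\n", count(findSafe($pdo, $input)));

// bindParam() binds the variable itself: its value is read when execute() runs.
$pre = $pdo->prepare('SELECT mname FROM message WHERE id > :id');
$min = 0;
$pre->bindParam(':id', $min, PDO::PARAM_INT);
$min = 2; // changed after binding, before execute()
$pre->execute();
var_dump($pre->fetchAll(PDO::FETCH_COLUMN)); // rows are selected using $min = 2
```

With the pdo_mysql driver, prepared statements are emulated on the client by default; setting PDO::ATTR_EMULATE_PREPARES to false makes the MySQL server prepare the statement itself.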