1.过滤数据
$search =
addslashes(trim($_POST['search']));
//注意:addslashes() 不是针对SQL注入的可靠防护——它不了解数据库连接的字符集,在某些多字节编码下可以被绕过。
//拼接SQL时至少应改用 mysqli_real_escape_string($db, $search);更好的做法是使用第7节的预处理语句(prepared statement),让用户数据永远不进入SQL文本。
2.建立数据库连接
对象风格: @ $db =
new mysqli('localhost','root','root','bookrama');
过程风格: @$db =
mysqli_connect('localhost','root','root','bookrama' );
//注意:@ 只是压制连接失败时的警告,并不处理错误,必须配合第3步的检查;root/root 仅为示例,生产环境应使用只授予所需权限的专用账号,凭据保存在web根目录之外的配置文件中,不要写死在脚本里。
3.检查连接情况
if($db->connect_errno){ //过程风格:if(mysqli_connect_errno()){}(该函数不接受参数)
echo "Error: Could not connect to database";
exit; //连接失败后必须终止脚本,否则后面的 $db->query() 会在无效连接上继续执行
}
4.对数据库进行SQL操作
$query = "SQL语句"; //注意使用英文直引号,中文弯引号不是合法的PHP字符串定界符
$result =
$db->query($query); //$result = mysqli_query($db,$query);
5.返回查询结果
$num_results = $result->num_rows; // $num_results =mysqli_num_rows($result);
//返回结果的行数;
for($i = 0; $i < $num_results; $i++){ //变量名要与上面的 $num_results 一致(原文写成了 $num_result)
$row = $result->fetch_assoc(); //将结果装载到一个关联数组;
echo $row['字段名'];
echo $row['字段名'];
}
(1)读取操作的行数:
select:mysqli_num_rows( )//$result->num_rows;
insert、delete、update:mysqli_affected_rows( )//$db->affected_rows;
(2)返回query的select结果:
①mysqli_fetch_assoc():将一行结果返回到一个关联数组;
代码:$row = mysqli_fetch_assoc($result);
$row['name'];
②mysqli_fetch_row():将一行结果返回到一个数字数组;
代码:$row = mysqli_fetch_row($result);
$row[0];
③mysqli_fetch_object():将一行结果返回到一个对象中,字段通过该对象的属性来访问;
代码:$row = mysqli_fetch_object($result);
$nameSelect = $row->name; //注意是 $row->name,不是 $row->$name(后者表示以变量 $name 的值作为属性名)
6.断开数据库
$result->free(); //mysqli_free_result($result);
$db->close(); //mysqli_close($db);
一般脚本执行完后,数据库会自动断开连接;
//PHP访问MySQL数据库的代码:
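<?php
/*
 * secretdb.php - a page protected by a user name / password stored in MySQL.
 *
 * Security notes on this version (compared with the string-built query it replaces):
 *  - The lookup is a prepared statement with a bound parameter, so the submitted
 *    user name can never change the SQL text (the old code concatenated raw
 *    $_POST values straight into the query -> SQL injection, e.g. a name of
 *    "' or '1'='1" would have satisfied the WHERE clause).
 *  - The password is never sent to the database at all. authorized_users.password
 *    must hold a password_hash() digest, which is checked with password_verify().
 *    An unsalted SHA-1 (as the original note suggested) is fast to brute-force
 *    and offers no per-user salt; do not use it for password storage.
 *  - The connection credentials below are the example values from the original
 *    listing; in a real deployment load them from configuration outside the web
 *    root and give the account only SELECT on the auth database.
 */

// Only treat the request as a login attempt when both fields were posted.
// Reading $_POST['name'] unconditionally (as before) emits a warning on a plain GET.
if (!isset($_POST['name'], $_POST['password'])) {
?>
<h1>Please Log In</h1>
<p>This page is secret</p>
<form method="post" action="secretdb.php">
<p>Username:<input type="text" name="name" /></p>
<p>Password:<input type="password" name="password" /></p>
<p><input type="submit" name="submit" value="Log In" /></p>
</form>
<?php
} else {
    $name = (string) $_POST['name'];
    $password = (string) $_POST['password'];

    // Connect straight to the "auth" database (fourth argument) instead of a
    // separate mysqli_select_db() call; mysqli_connect() returns false on failure.
    $db = mysqli_connect("localhost", "webauth", "webauth", "auth");
    if (!$db) {
        // Deliberately not echoing mysqli_connect_error(): it can leak host/user details to the client.
        echo "Cannot connect to database.";
        exit;
    }

    // Look the user up by name only. The '?' placeholder is bound as a string
    // parameter and is never interpolated into the SQL text.
    $query = "select password from authorized_users where name = ?";
    $stmt = mysqli_prepare($db, $query);
    if (!$stmt) {
        echo "Cannot run query.";
        mysqli_close($db);
        exit;
    }
    mysqli_stmt_bind_param($stmt, "s", $name);
    if (!mysqli_stmt_execute($stmt)) {
        echo "Cannot run query.";
        mysqli_stmt_close($stmt);
        mysqli_close($db);
        exit;
    }

    // Fetch the stored hash (if any) into $storedHash; fetch() returns true for
    // a row, null when there is no such user, false on error.
    $storedHash = null;
    mysqli_stmt_bind_result($stmt, $storedHash);
    $found = mysqli_stmt_fetch($stmt) === true;
    mysqli_stmt_close($stmt);
    mysqli_close($db);

    // password_verify() reads the algorithm and salt from the stored hash and
    // compares in constant time.
    // NOTE(review): an unknown user name is rejected faster than a wrong password
    // (no hash is computed), which allows timing-based user enumeration; verify
    // against a dummy hash in that branch if that matters for this deployment.
    $authorized = $found && is_string($storedHash) && password_verify($password, $storedHash);

    if ($authorized) {
        echo "<h1>Here it is!</h1><p>I bet you are glad you can see this secret page</p>";
    } else {
        // Same response whether the name or the password was wrong, so the page
        // does not reveal which accounts exist.
        echo "<h1>Go Away!</h1><p>You are not authorized to use this resource</p>";
    }
}
?>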
7. 预处理语句 prepared statement
作用:在执行大量具有不同数据的相同查询时,可以提高执行效率;同时因为参数值与SQL文本分开发送、不会被当作SQL解析,可以防止SQL注入(SQL injection)攻击。注意只有通过 ? 绑定的值受到保护,表名、列名、ORDER BY 的方向等不能作为参数绑定,这些仍需用白名单校验。
①insert/update/delete
面向对象风格:
$query = "insert into books values(
? , ? , ? )"; //生成query预处理模板,使用?代替具体记录值
$stmt = $db->prepare($query); //对$db数据库对象创建$stmt预处理任务;SQL有误时返回false,应当检查
$stmt->bind_param("sss",$isbn,$author,$price); //按引用绑定变量:格式串的字符数必须与 ? 占位符数量一致
$stmt->execute( ); //执行预处理任务
//提前声明创建$isbn,$author,$price变量;可以通过修改这些变量的值,重复使用模板;
//修改 $isbn,$author,$price 的值(绑定的是变量的引用,无需重新 bind_param)
$stmt->execute();
$stmt->close();
面向过程风格:
$query = "insert into books values(
? , ? , ? )";
$stmt = mysqli_prepare($db,$query); //过程风格用 mysqli_prepare($db, $query),没有 mysqli_stmt_prepare($db, $query) 这种用法
mysqli_stmt_bind_param($stmt,"sss",$isbn,$author,$price); //格式串字符数必须与参数个数一致(原文"sssd"是4个字符对应3个参数,会报错)
mysqli_stmt_execute($stmt);
※mysqli_stmt_bind_param($stmt, 格式, 参数...):格式串每个字符对应一个参数:s-字符串,d-双精度浮点数,i-整数,b-blob值
mysqli_stmt_execute($stmt):执行该预处理语句
②select
面向对象:
$query = "select * from books"; //创建模板SQL命令
$stmt = $db->prepare($query); //对数据库对象绑定预处理模板的执行任务类
$stmt->bind_result($A,$B,$C); //把结果列按顺序绑定到变量(变量个数须与select返回的列数一致,所以不宜用 select *)
$stmt->execute(); //执行预处理任务(原文拼写为 excute)
while($stmt->fetch()){ //循环输出结果
echo $A.$B.$C;
}
面向过程:
$query = "select * from books";
$stmt = mysqli_prepare($db,$query);
mysqli_stmt_bind_result($stmt,$A,$B,$C); //select 绑定的是结果列(bind_result),不是参数(bind_param)
mysqli_stmt_execute($stmt);
while(mysqli_stmt_fetch($stmt)){ echo $A.$B.$C; } //逐行取出结果