PHP prepared statements: a data-handling query example using bound input variables

This post shows how to use PHP's mysqli extension for SQL prepared statements and parameter binding: it creates an alfas table, inserts several records, and demonstrates how the prepare() and bind_param() methods prevent SQL injection.


<?php
// Procedural equivalent: $conn = mysqli_connect("localhost","root","root","world");
$conn = new mysqli("localhost","root","root","world");
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

//var_dump($conn);

$conn->query("CREATE TABLE IF NOT EXISTS alfas (year INTEGER, model VARCHAR(50), accel REAL)");

// prepare() sends the SQL text to the server once; the three ? are placeholders
// for values that are supplied separately at execute() time.
$stmt = $conn->prepare("INSERT INTO alfas VALUES(?, ?, ?)");
var_dump($stmt);

// "isd": first placeholder is an integer, second a string, third a double.
// The variables are bound by reference, so they can be assigned after this call.
$stmt->bind_param("isd", $year, $model, $accel);

$year = 2001;
$model = '156 2.0 Selespeed';
$accel = 8.6;
$stmt->execute();

// The same prepared statement is executed again with new values;
// only the bound variables change, the SQL text does not.
$year = 2003;
$model = '147 2.0 Selespeed';
$accel = 9.3;
$stmt->execute();

$year = 2004;
$model = '156 GTA Sportwagon';
$accel = 6.3;
$stmt->execute();

$stmt->close();
$conn->close();

Output:

object(mysqli_stmt)[2]
  public 'affected_rows' => int 0
  public 'insert_id' => int 0
  public 'num_rows' => int 0
  public 'param_count' => int 3
  public 'field_count' => int 0
  public 'errno' => int 0
  public 'error' => string '' (length=0)
  public 'error_list' => 
    array (size=0)
      empty
  public 'sqlstate' => string '00000' (length=5)
  public 'id' => int 1


Note the order: first prepare() with ? placeholders, then bind_param(), then assignment of values to the bound variables, and finally execute(); the last two steps can be repeated as many times as needed. For the first argument of bind_param(), see the following documentation:

/**
 * Binds variables to a prepared statement as parameters
 * @link http://php.net/manual/en/mysqli-stmt.bind-param.php
 * @param string $types <p>
 * A string that contains one or more characters which specify the types
 * for the corresponding bind variables:
 * <table>
 * Type specification chars
 * <tr valign="top">
 * <td>Character</td>
 * <td>Description</td>
 * </tr>
 * <tr valign="top">
 * <td>i</td>
 * <td>corresponding variable has type integer</td>
 * </tr>
 * <tr valign="top">
 * <td>d</td>
 * <td>corresponding variable has type double</td>
 * </tr>
 * <tr valign="top">
 * <td>s</td>
 * <td>corresponding variable has type string</td>
 * </tr>
 * <tr valign="top">
 * <td>b</td>
 * <td>corresponding variable is a blob and will be sent in packets</td>
 * </tr>
 * </table>
 * </p>
 * @param mixed $var1 <p>
 * The number of variables and length of string
 * types must match the parameters in the statement.
 * </p>
 * @param mixed $_ [optional]
 * @return bool true on success or false on failure.
 * @since 5.0
 */
public function bind_param ($types, &$var1, &$_ = null) {}

The example uses "isd", which tells bind_param() that the three variables that follow are, in order, an integer, a string and a double (double-precision float).
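To make the injection point concrete, here is an added example (not code from the original post) that places a string-concatenated query next to the prepared-statement form and then runs two parameterised SELECTs against the alfas table. It assumes the same local "world" database, the same root/root credentials and the rows inserted by the script above; the function names unsafeQueryText, fetchRows, findByModel and findFasterThan are this example's own.

```php
<?php
// Added example, not from the original post. Assumes the local "world"
// database, root/root credentials and the alfas table filled by the post's script.
declare(strict_types=1);

// Turn mysqli errors into exceptions so a failed prepare() cannot go unnoticed.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Unsafe construction: user input is interpolated into the SQL text, so a
 * single quote in $model ends the literal and whatever follows is parsed as
 * SQL. Returned only to show what the server would receive; never executed.
 */
function unsafeQueryText(string $model): string
{
    return "SELECT year, model, accel FROM alfas WHERE model = '$model'";
}

/** Run a prepared SELECT on alfas and collect its rows via bind_result(). */
function fetchRows(mysqli_stmt $stmt): array
{
    $stmt->execute();
    // bind_result() ties the three result columns to local variables by reference;
    // every fetch() overwrites them with the next row. Works without mysqlnd.
    $stmt->bind_result($year, $model, $accel);
    $rows = [];
    while ($stmt->fetch()) {
        $rows[] = ['year' => $year, 'model' => $model, 'accel' => $accel];
    }
    $stmt->close();
    return $rows;
}

/**
 * Safe version: the SQL text is fixed at prepare() time and the value travels
 * separately as an "s" (string) parameter, so it is only ever compared as data.
 */
function findByModel(mysqli $conn, string $model): array
{
    $stmt = $conn->prepare("SELECT year, model, accel FROM alfas WHERE model = ?");
    $stmt->bind_param("s", $model);
    return fetchRows($stmt);
}

/** Two placeholders of different types: "id" = one integer, one double. */
function findFasterThan(mysqli $conn, int $minYear, float $maxAccel): array
{
    $stmt = $conn->prepare(
        "SELECT year, model, accel FROM alfas WHERE year >= ? AND accel <= ? ORDER BY accel"
    );
    $stmt->bind_param("id", $minYear, $maxAccel);
    return fetchRows($stmt);
}

$conn = new mysqli("localhost", "root", "root", "world");
$conn->set_charset("utf8mb4");

// Constructed input containing a single quote, as a user might type it.
$input = "156 GTA' OR '1'='1";

// With concatenation the quote closes the string literal and the remainder
// becomes part of the WHERE clause; print the text to see the damage.
echo unsafeQueryText($input), "\n";

// With a bound parameter the entire string, quote included, is compared
// against the model column: no row matches and nothing else is evaluated.
var_dump(findByModel($conn, $input));

// A legitimate lookup through the same function returns the stored row.
var_dump(findByModel($conn, '156 GTA Sportwagon'));

// Mixed integer/double binding, the same idea as the post's "isd" string.
var_dump(findFasterThan($conn, 2003, 9.0));

$conn->close();
```

The key property is that the SQL text handed to prepare() never changes: bind_param() only supplies values, typed by the "isd"-style string, so the server can never reinterpret them as keywords, quotes or operators. mysqli_report() with MYSQLI_REPORT_STRICT is worth adding to the post's own script as well, because without it a failed prepare() returns false and the later bind_param() call fails on a non-object rather than on the real cause.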
