本文介绍了一个使用PHP和MySQL预处理语句创建数据库、表及插入数据的例子。通过预处理可以有效地防止SQL注入攻击,并提高代码的可读性和维护性。
创建数据库test和对应的表test,通过预处理向test表中插入多条数据。
代码如下:
<?php
// 使用预处理操作数据库
$dbServer = "localhost:3306";
$dbUser = "root";
$dbPass = "";
$dbName = "test";
// 创建连接
$conn = new mysqli($dbServer, $dbUser, $dbPass, $dbName);
if ($conn->connect_error)
die("连接失败:" . $conn->connect_error);
else
echo "连接成功!<br>";
// 创建表
$sql = "CREATE TABLE test (
id INT(6) UNSIGNED AUTO_INCREMENT PRIMARY KEY,
firstname VARCHAR(30) NOT NULL,
lastname VARCHAR(30) NOT NULL,
age int(8) UNSIGNED NOT NULL,
email VARCHAR(50)
)";
if ($conn->query($sql) == TRUE)
echo "数据表创建成功。<br>";
else
echo "数据表创建失败:" . $conn->error . "<br>";
// 创建预处理对象
$sql = "INSERT INTO test (firstname, lastname, age, email) VALUES (?, ?, ?, ?)";
$info = array(1 => array('firstname'=>'kobe', 'lastname'=>'bryant', 'age'=>30, 'email'=>"kobe@qq.com"),
2 => array('firstname'=>'yao', 'lastname'=>'ming', 'age'=>20, 'email'=>"yao@qq.com"));
$stmt = $conn->prepare($sql) or die($conn->error);
foreach ($info as $num => $value) {
// 参数绑定: ssis代表,第一个、第二个、第三个参数是string类型,第四个参数是int类型
$stmt->bind_param('ssis', $value['firstname'], $value['lastname'], $value['age'], $value['email']);
if (!$stmt->execute())
die("插入失败:" . $conn->error . "<br>");
}
echo "插入成功<br>";
$stmt->close();
$sql = "SELECT * FROM test";
$result = $conn->query($sql);
if ($result->num_rows > 0){
// 输出每行数据
echo "查询结果 : <br>";
while($row = $result->fetch_assoc()){
echo "id: " . $row["id"] . " ; firstname: " . $row["firstname"] . " ; lastname : "
. $row["lastname"] . " ; age : " . $row["age"] . " ; email : " . $row["email"] . "<br>";
}
}
else
echo "0个结果";
// 关闭连接
$conn->close();
?>运行结果如下:
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
