本文深入探讨了在PHP5环境中禁用MySQL支持的背景,并指导如何通过修改php.ini配置来启用MySQL扩展。进一步介绍了从传统的mysql_connect升级到更安全的mysqli或PDO连接方式,避免SQL注入风险,同时提供了实际代码示例进行对比说明。
在 PHP 5 中,在默认情况下 MySQL 支持是禁止的
需要在 php.ini 中打开 mysql 扩展的加载
extension_dir = "ext" //扩展目录打开
extension=php_mysql.dll // 要加载的扩展
然后 会警告
mysql_connect(): The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead in
大意是 mysql_connect(php_mysql.dll) 马上就要废弃了,待会我们会换成 打开 php_mysqli.dll
#php_mysql.dll
<?php
mysql_connect($db_host, $db_user, $db_password);
mysql_select_db($dn_name);
$result = mysql_query("SELECT `name` FROM `users` WHERE `location` = '$location'");//此处很容易sql注入
while ($row = mysql_fetch_array($result, MYSQL_ASSOC))
{
echo $row['name'];
}
mysql_free_result($result);
?>
#另一种 php_mysqli.dll
<?php
$mysqli = new mysqli($db_host, $db_user, $db_password, $db_name);
$sql = "INSERT INTO `users` (id, name, gender, location) VALUES (?, ?, ?, ?)";
$stmt = $mysqli->prepare($sql);
$stmt->bind_param('dsss', $source_id, $source_name, $source_gender, $source_location);
$stmt->execute();
$stmt->bind_result($id, $name, $gender, $location);
while ($stmt->fetch())
{
echo $id . $name . $gender . $location;
}
$stmt->close();
$mysqli->close();
?>
则相对安全多了
扫一扫
225
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
