PHP MySQL inserts multiple pieces of data

Use MySQLi and PDO towards MySQL Insert multiple data

mysqli_multi_query() Function can be used to execute multiple SQL sentence .

The following example shows "MyGuests" Three new records have been added to the table :

example (MySQLi - object-oriented )

<?php $servername = "localhost"; $username = "username"; $password = "password"; $dbname = "myDB"; // Create links $conn = new mysqli($servername, $username, $password, $dbname); // Check links if ($conn->connect_error) { die(" The connection fails : " . $conn->connect_error); } $sql = "INSERT INTO MyGuests (firstname, lastname, email) VALUES ('John', 'Doe', '[email protected]');"; $sql .= "INSERT INTO MyGuests (firstname, lastname, email) VALUES ('Mary', 'Moe', '[email protected]');"; $sql .= "INSERT INTO MyGuests (firstname, lastname, email) VALUES ('Julie', 'Dooley', '[email protected]')"; if ($conn->multi_query($sql) === TRUE) { echo " New record inserted successfully "; } else { echo "Error: " . $sql . "<br>" . $conn->error; } $conn->close(); ?>

example (MySQLi - Process oriented )

<?php $servername = "localhost"; $username = "username"; $password = "password"; $dbname = "myDB"; // Create links $conn = mysqli_connect($servername, $username, $password, $dbname); // Check links if (!$conn) { die(" The connection fails : " . mysqli_connect_error()); } $sql = "INSERT INTO MyGuests (firstname, lastname, email) VALUES ('John', 'Doe', '[email protected]');"; $sql .= "INSERT INTO MyGuests (firstname, lastname, email) VALUES ('Mary', 'Moe', '[email protected]');"; $sql .= "INSERT INTO MyGuests (firstname, lastname, email) VALUES ('Julie', 'Dooley', '[email protected]')"; if (mysqli_multi_query($conn, $sql)) { echo " New record inserted successfully "; } else { echo "Error: " . $sql . "<br>" . mysqli_error($conn); } mysqli_close($conn); ?>

example (PDO)

<?php $servername = "localhost"; $username = "username"; $password = "password"; $dbname = "myDBPDO"; try { $conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password); // set the PDO error mode to exception $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // Start business $conn->beginTransaction(); // SQL sentence $conn->exec("INSERT INTO MyGuests (firstname, lastname, email) VALUES ('John', 'Doe', '[email protected]')"); $conn->exec("INSERT INTO MyGuests (firstname, lastname, email) VALUES ('Mary', 'Moe', '[email protected]')"); $conn->exec("INSERT INTO MyGuests (firstname, lastname, email) VALUES ('Julie', 'Dooley', '[email protected]')"); // Commit transaction $conn->commit(); echo " New record inserted successfully "; } catch(PDOException $e) { // Rollback if execution fails $conn->rollback(); echo $sql . "<br>" . $e->getMessage(); } $conn = null; ?>

Use preprocessing statements

mysqli Extensions provide a second way to insert statements .

We can preprocess statements and bind parameters .

mysql Extensions can send statements or query to without data mysql database . You can relate to columns or " binding " Variable .

example (MySQLi Use preprocessing statements )

<?php $servername = "localhost"; $username = "username"; $password = "password"; $dbname = "myDB"; // Create connection $conn = new mysqli($servername, $username, $password, $dbname); // Detection connection if ($conn->connect_error) { die(" The connection fails : " . $conn->connect_error); } else { $sql = "INSERT INTO MyGuests(firstname, lastname, email) VALUES(?, ?, ?)"; // by mysqli_stmt_prepare() initialization statement object $stmt = mysqli_stmt_init($conn); // Preprocessing statement if (mysqli_stmt_prepare($stmt, $sql)) { // Binding parameters mysqli_stmt_bind_param($stmt, 'sss', $firstname, $lastname, $email); // Set parameters and execute $firstname = 'John'; $lastname = 'Doe'; $email = '[email protected]'; mysqli_stmt_execute($stmt); $firstname = 'Mary'; $lastname = 'Moe'; $email = '[email protected]'; mysqli_stmt_execute($stmt); $firstname = 'Julie'; $lastname = 'Dooley'; $email = '[email protected]'; mysqli_stmt_execute($stmt); } } ?>

We can see that modularity is used to deal with the problem in the above example . We can make it easier to read and manage by creating code blocks .

Note the binding of parameters . Let's see mysqli_stmt_bind_param() The code in ：

mysqli_stmt_bind_param($stmt, 'sss', $firstname, $lastname, $email);

This function binds the parameter query and passes the parameter to the database . The second parameter is "sss" . The following list shows the types of parameters . s Characters tell mysql The argument is a string .

It can be the following four parameters :

• i - Integers
• d - Double precision floating point
• s - character string
• b - Boolean value

Each parameter must specify the type , To ensure data security . Through type judgment, we can reduce SQL The risk of injecting vulnerabilities .