PHP MySQL prepared statements
2022-07-03 17:50:00 【Crooning ~ shallow singing】
Prepared statements and bound parameters
A prepared statement is used to execute the same SQL statement multiple times, with higher efficiency.
Prepared statements work as follows:
Prepare: an SQL statement template is created and sent to the database. The values left unspecified are marked with the parameter "?". For example:
INSERT INTO MyGuests (firstname, lastname, email) VALUES(?, ?, ?)
The database parses and compiles the SQL statement template, performs query optimization on it, and stores the result without executing it.
Execute: finally, the application binds values to the parameters (the "?" marks) and the database executes the statement. The application can execute the statement as many times as it likes with different parameter values.
Compared with executing SQL statements directly, prepared statements have two main advantages:
Prepared statements greatly reduce parsing time, because the query is prepared only once (although the statement is executed multiple times).
Bound parameters reduce the bandwidth to the server, because only the parameters of the query need to be sent each time, not the whole statement.
Prepared statements are very useful against SQL injection, because the parameter values are sent after the template using a different protocol, which ensures the legitimacy of the data.
Prepared statements in MySQLi
The following example uses a prepared statement in MySQLi and binds the corresponding parameters:
Example (MySQLi with prepared statements)
<?php
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "myDB";

// Create the connection
$conn = new mysqli($servername, $username, $password, $dbname);

// Check the connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

// Prepare the statement and bind the parameters
$stmt = $conn->prepare("INSERT INTO MyGuests (firstname, lastname, email) VALUES (?, ?, ?)");
$stmt->bind_param("sss", $firstname, $lastname, $email);

// Set the parameters and execute
$firstname = "John";
$lastname = "Doe";
$email = "john@example.com";
$stmt->execute();

$firstname = "Mary";
$lastname = "Moe";
$email = "mary@example.com";
$stmt->execute();

$firstname = "Julie";
$lastname = "Dooley";
$email = "julie@example.com";
$stmt->execute();

echo "New record inserted successfully";

$stmt->close();
$conn->close();
?>
Let's go through the key lines of the example above:
"INSERT INTO MyGuests (firstname, lastname, email) VALUES(?, ?, ?)"
In the SQL statement we use a question mark (?) wherever a value will be substituted: an integer, a string, a double-precision floating-point number or a Boolean value.
Next, let's look at the bind_param() function:
$stmt->bind_param("sss", $firstname, $lastname, $email);
This function binds the parameters to the SQL statement and tells the database what the parameters are. The "sss" argument lists the data types of the remaining parameters. The s character tells the database that the parameter is a string.
There are four parameter types:
- i - integer
- d - double (double-precision floating point)
- s - string
- b - BLOB (binary large object)
Each parameter must have a type specified.
Telling the database the data type of each parameter reduces the risk of SQL injection.
Note: If you want to insert other data (user input), validating that data is very important.
Prepared statements in PDO
The following example uses a prepared statement and bound parameters in PDO:
Example (PDO with prepared statements)
<?php
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "myDBPDO";

try {
    $conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
    // Set the PDO error mode to exception
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

    // Prepare the SQL and bind the parameters
    $stmt = $conn->prepare("INSERT INTO MyGuests (firstname, lastname, email) VALUES (:firstname, :lastname, :email)");
    $stmt->bindParam(':firstname', $firstname);
    $stmt->bindParam(':lastname', $lastname);
    $stmt->bindParam(':email', $email);

    // Insert a row
    $firstname = "John";
    $lastname = "Doe";
    $email = "john@example.com";
    $stmt->execute();

    // Insert another row
    $firstname = "Mary";
    $lastname = "Moe";
    $email = "mary@example.com";
    $stmt->execute();

    // Insert another row
    $firstname = "Julie";
    $lastname = "Dooley";
    $email = "julie@example.com";
    $stmt->execute();

    echo "New record inserted successfully";
} catch (PDOException $e) {
    echo "Error: " . $e->getMessage();
}
$conn = null;
?>
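The note about validating user input and the claim that bound values cannot change the statement can be checked together. The script below is an added example, not code from the original page: it assumes the pdo_sqlite extension (an in-memory SQLite database stands in for MySQL so it runs offline), and the addGuest() helper, the 50-byte name limit and all sample inputs are constructed for illustration.

```php
<?php
// Added example with constructed inputs; in-memory SQLite (pdo_sqlite) stands in for MySQL.
$conn = new PDO("sqlite::memory:");
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec("CREATE TABLE MyGuests (id INTEGER PRIMARY KEY, firstname TEXT, lastname TEXT, email TEXT)");

// Hypothetical helper: validate the input, then pass it only as bound values.
function addGuest(PDO $conn, string $firstname, string $lastname, string $email): bool
{
    // Validation: reject anything that is not a well-formed e-mail address.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    // Assumed limit of 50 bytes per name; adjust to the real column definition.
    foreach ([$firstname, $lastname] as $name) {
        if ($name === "" || strlen($name) > 50) {
            return false;
        }
    }
    // The template is a fixed string; user input never becomes part of the SQL text.
    $stmt = $conn->prepare(
        "INSERT INTO MyGuests (firstname, lastname, email)
         VALUES (:firstname, :lastname, :email)"
    );
    $stmt->bindValue(':firstname', $firstname, PDO::PARAM_STR);
    $stmt->bindValue(':lastname', $lastname, PDO::PARAM_STR);
    $stmt->bindValue(':email', $email, PDO::PARAM_STR);
    return $stmt->execute();
}

// Constructed sample input, as it might arrive from a form.
$inputs = [
    ["John", "Doe", "john@example.com"],
    ["Anne", "O'Brien", "anne@example.com"],            // quote in a legitimate name
    ["Mary", "Moe'); DROP TABLE MyGuests; --", "mary@example.com"], // SQL syntax, stored as text
    ["Julie", "Dooley", "not-an-email"],                // fails validation
];
foreach ($inputs as [$first, $last, $email]) {
    $ok = addGuest($conn, $first, $last, $email);
    echo ($ok ? "inserted: " : "rejected: ") . $last . PHP_EOL;
}

// Read one row back; the id is bound as an integer.
$stmt = $conn->prepare("SELECT lastname FROM MyGuests WHERE id = :id");
$stmt->bindValue(':id', 3, PDO::PARAM_INT);
$stmt->execute();
echo "row 3 lastname: " . $stmt->fetchColumn() . PHP_EOL;
echo "rows in MyGuests: " . $conn->query("SELECT COUNT(*) FROM MyGuests")->fetchColumn() . PHP_EOL;
```

Placeholders can stand in only for values, so table and column names still have to come from fixed strings in the code rather than from user input.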