Say I have a MySQL database table with 4 fields:
My data looks like this:
link_id | page_id | anchor_text | url
1 | 1 | Link One | http://www.one.com
2 | 1 | Link Two | http://www.two.com
3 | 2 | Link Three | http://www.three.com
How would I best write a function to get the links for a given page, and then use that function to display them?
function get_page_links($page_id) {
    $db = new mysqli("localhost", "root", "root", "my_db");
    //what's next?
}
Usage:
$my_links = get_page_links(1);
//do something to parse $my_links
Display:
<a href="http://www.one.com">Link One</a>
<a href="http://www.two.com">Link Two</a>
Answer 0 (score: 2)
$q = "SELECT *";
$q.= " FROM yourtablename";
$q.= " WHERE `page-id` = ".(int)$page_id;
$q.= " ORDER BY `link-id`";
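The backticks may not be necessary, but I threw them in there because you have hyphens in your field names.
Note that there is very basic validation here. By casting $page_id to an int before appending it, you make sure it isn't going to be some kind of injection attack. It's not a great way to do it, but it will work. Something like mysqli_real_escape_string() is an alternative that should be considered, especially for more general sanitization.
Alternatively: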
$q = sprintf("SELECT *
    FROM yourtablename
    WHERE `page-id` = %d
    ORDER BY `link-id`", $page_id);
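Which I prefer.
Edit: Now what?
First, instead of using mysqli, let's use PDO.
Second, we don't want to connect to the database every time we call the function; we want to do that once. So move it out of the function.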
// Typically this line is in another file and included once, but for now let's just
// get this out of the function
$db = new PDO('mysql:host=localhost;dbname=my_db', 'root', 'root');
// Your function
function get_page_links($page_id) {
    // $db is defined outside the function, so bring it into scope
    global $db;
    // Build query
    $q = sprintf("SELECT *
        FROM yourtablename
        WHERE `page-id` = %d
        ORDER BY `link-id`", $page_id);
    // Run Query
    foreach ($db->query($q) as $a) {
        // Escape values before writing them into HTML
        printf('<a href="%s">%s</a>'."\n",
            htmlspecialchars($a['url'], ENT_QUOTES, 'UTF-8'),
            htmlspecialchars($a['anchor-text'], ENT_QUOTES, 'UTF-8'));
    }
}
Answer 1 (score: 2)
Looks like a fairly simple query to me:
SELECT *
FROM `links_table`
WHERE `page_id` = $page_id
ORDER BY `link_id` ASC;
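This is of course assuming that $page_id does not come from user input and has been safely sanitized. If not, you should use prepared statements.
See Executing Statements on MySQLi to learn how to handle the results generated by this query.
I'm not familiar with MySQLi, since I prefer PDO. In PDO, I would do something like this: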
<?php
/*
 * First, we give the function the database connection object as an argument.
 * A function to get the page links shouldn't care where you got the connection from!
 */
/**
 * @param integer $page_id
 * @param PDO $db
 *
 * @return array
 */
function get_page_links($page_id, PDO $db) {
    $query = <<<MySQL
SELECT *
FROM `links_table`
WHERE `page_id` = :page_id
ORDER BY `link_id` ASC;
MySQL;
    /*
     * Prepare the query and bind all values to placeholders
     */
    $stmt = $db->prepare($query);
    $stmt->bindValue(":page_id", $page_id, PDO::PARAM_INT);
    $stmt->execute();
    /*
     * Fetch all results to an array, and return it
     */
    $result = $stmt->fetchAll(PDO::FETCH_ASSOC);
    return $result;
}
try {
    /*
     * Start new PDO connection for the function
     */
    $db = new PDO("mysql:host=localhost;dbname=database_name", "user", "password");
    //This line tells PDO to throw PDOExceptions in case of errors,
    //which are much easier to handle
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    //This line disables PDO's default emulation for prepared statements. Adds security.
    $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    $links = get_page_links(1, $db);
}
catch (PDOException $e) {
    die("There has been an error with the database: " . $e->getMessage());
}
foreach ($links as $link) {
    // Escape values before writing them into HTML
    $url = htmlspecialchars($link["url"], ENT_QUOTES, "UTF-8");
    $text = htmlspecialchars($link["anchor_text"], ENT_QUOTES, "UTF-8");
    echo "<a href='{$url}'>{$text}</a>";
}
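Added example (not part of the question or either answer): the two concerns raised above, untrusted $page_id going into the query and stored values going into HTML, handled in one runnable script. It assumes the pdo_sqlite extension and uses an in-memory SQLite database in place of MySQL so it runs offline; render_link() is a hypothetical helper and the sample rows are constructed.

```php
<?php
// Added example. SQLite in memory stands in for MySQL (assumption) so it runs offline.
function get_page_links(PDO $db, $page_id): array {
    // Reject non-integers outright instead of silently coercing them to a number.
    $id = filter_var($page_id, FILTER_VALIDATE_INT);
    if ($id === false) {
        throw new InvalidArgumentException('page_id must be an integer');
    }
    $stmt = $db->prepare(
        'SELECT url, anchor_text FROM links_table WHERE page_id = :page_id ORDER BY link_id'
    );
    $stmt->bindValue(':page_id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Hypothetical helper: encode for HTML and only link http(s) URLs.
function render_link(array $link): string {
    $text = htmlspecialchars($link['anchor_text'], ENT_QUOTES, 'UTF-8');
    $scheme = strtolower((string) parse_url($link['url'], PHP_URL_SCHEME));
    if (!in_array($scheme, ['http', 'https'], true)) {
        return $text; // other schemes are shown as plain text, not as a link
    }
    return sprintf('<a href="%s">%s</a>', htmlspecialchars($link['url'], ENT_QUOTES, 'UTF-8'), $text);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE links_table (link_id INTEGER PRIMARY KEY, page_id INTEGER, anchor_text TEXT, url TEXT)');
// Constructed sample rows: the question's data plus values that need encoding or rejection.
$rows = [
    [1, 1, 'Link One', 'http://www.one.com'],
    [2, 1, 'Link <b>Two</b>', 'http://www.two.com/?a=1&b="x"'],
    [3, 2, 'Link Three', 'http://www.three.com'],
    [4, 1, 'Link Four', 'javascript:void(0)'],
];
$ins = $db->prepare('INSERT INTO links_table VALUES (?, ?, ?, ?)');
foreach ($rows as $r) {
    $ins->execute($r);
}

foreach (get_page_links($db, 1) as $link) {
    echo render_link($link), "\n";
}
try {
    get_page_links($db, '1 OR 1=1'); // constructed hostile input
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

Against MySQL only the DSN changes; the bound parameter and the output encoding stay the same.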