从MySQL迁移到MySQLi

Question

有人可以指出我正确的方向。我正在从MySql过渡到MySqli。通常我会使用下面的代码从数据库中进行选择，这样我就可以轻松地将列值用作工作变量：

$SQLCommand = "SELECT * FROM table WHERE column1 = 'ok'";
$Data = mysql_query($SQLCommand);
$DataRow = mysql_fetch_assoc($Data);

$var1 = $DataRow["column1"];
$var2 = $DataRow["column2"];
$var3 = $DataRow["column3"];
$var4 = $DataRow["column4"];

我已经研究了如何使用MySql等价物，但我发现使用循环等有很多不同的方式。是否有类似的（想要更好的描述）做同样的事情？提前谢谢。

Answer 1

我建议使用PDO替代

，而不是顺其自然

$db = new PDO($dsn, 'username','password'); 
              //$dsn is the connection string to your database.
              //See documentation for examples

//The next two rows are optional, but i personally suggest them to
//ease developing, debugging (the 1st) and fetching results (the 2nd)

$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);

$stmt = $db->prepare("SELECT * FROM table WHERE column1 = :c1");
$stmt->bindValue(':c1', 'ok'); //This example is trivial and not necessary
                               //but it gains relevance when the bound value 
                               //is a variable
$rows = $stmt->fetchAll(); //if you expect a single row use fetch() instead

//do something with the results

您可以在此处详细了解PDO：PDO manual

最大的PDO优势在于它独立于应用程序使用的实际数据库。如果您希望将来更改数据库，例如SQLITE或PostgreSQL，则必须进行的唯一*更改是$dsn连接字符串

[*]仅当您使用标准SQL查询且没有特定于供应商时才为真。

Answer 2

直接转换是：

$Data = mysqli_query($connection, $SQLCommand);
$DataRow = mysqli_fetch_assoc($Data);

i以外的差异是mysqli_query需要连接作为参数（与大多数mysqli_*函数一样）。

MySQLi也有面向对象的风格：

$Data = $connection->query($SQLCommand); // assuming you created the $connection object
$DataRow = $data->fetch_assoc();

Answer 3

他们应该像

$mysqli = new mysqli("localhost", "my_user", "my_password", "my_db");
$SQLCommand = "SELECT * FROM table WHERE column1 = 'ok'";
$Data = $mysqli->query($SQLCommand);   
$DataRow = $mysqli->fetch_assoc($Data);

试试这个LINK

Answer 4

我的建议是在使用用户输入来防止SQL注入时使用mysqli prepared语句：

见下面的代码使用面向对象的方法和准备好的语句

<?php
$mysqli = new mysqli("example.com", "user", "password", "database");
if ($mysqli->connect_errno) {
    echo "Failed to connect to MySQL: (" . $mysqli->connect_errno . ") " . $mysqli->connect_error;
}

if (!$mysqli->query("DROP TABLE IF EXISTS test") ||
!$mysqli->query("CREATE TABLE test(id INT, label CHAR(1))") ||
!$mysqli->query("INSERT INTO test(id, label) VALUES (1, 'a')")) {
    echo "Table creation failed: (" . $mysqli->errno . ") " . $mysqli->error;
}
/* Prepared statement, stage 1: prepare */
$stmt = $mysqli->prepare("SELECT id, label FROM test WHERE id = ?");

/* Prepared statement, stage 2: bind and execute */    
$id = 1;
//note below "i" is for integer, "s" can be used for string
if (!$stmt->bind_param("i", $id)) {
    echo "Binding parameters failed: (" . $stmt->errno . ") " . $stmt->error;
}
$stmt->execute();
$res = $stmt->get_result();
$row = $res->fetch_assoc();

printf("id = %s (%s)\n", $row['id'], gettype($row['id']));
printf("label = %s (%s)\n", $row['label'], gettype($row['label']));
?>