我有一个php脚本,其中包含很多与数据库连接的mysql函数,出于安全考虑,我希望用pdo函数替换这些mysql函数。
$e = mysql_real_escape_string($l);
$query = "SELECT * FROM users";
$result = mysql_query($query);
$row = mysql_fetch_assoc($result)
$query = "SELECT * FROM users WHERE (first_name='" . $f_name . "' AND last_name='" . $l_name . "') OR (email = '" . $email . "')";
$result = mysql_query($query);
$row = mysql_fetch_assoc($result);
$insert = "INSERT INTO users(`email`, `first_name`, `last_name`, `created_at`, `modified_at`) VALUES ('{$email}', '{$f_name}', '{$l_name}','" . date('Y-m-d H:i:s') . "','" . date('Y-m-d H:i:s') . "');";
$update = "UPDATE users SET `is_user`=1 WHERE user_id=" . $user_id;
mysql_query($insert) or die(mysql_error());
mysql_query($update) or die(mysql_error());
答案 0 :(得分:0)
这是一个可用于执行PDO的干净版本:
<?php
$cnx = new PDO('mysql:host=HOST;dbname=DATABASE','userid','passeword');
$cnx->query('SET NAMES utf8');
$cnx->setAttribute(PDO::ATTR_ERRMODE,PDO::ERRMODE_EXCEPTION);
try{
$req = $cnx->prepare("SELECT * FROM users WHERE (first_name=:firstname AND last_name=:lastname) OR (email=:mail);");
$req-> bindValue(':firstname',$f_name);
$req-> bindValue(':lastname',$l_name);
$req-> bindValue(':mail',$email);
$req-> execute();
$data = $req->fetchAll(PDO::FETCH_COLUMN);
}
catch(PDOExeption $e){}
?>
根据您的需要,看看它们之间的区别:PDO :: FETCH_FUNC / PDO :: FETCH_COLUMN / PDO :: FETCH_GROUP
fetchAll doc:
http://php.net/manual/fr/pdostatement.fetchall.php
您也可以将所有值绑定在一行中,请参阅binValue文档。