Learning SELECT FROM WHERE prepared statements

Backend · Open · 4 answers · 1904 views
清歌不尽 2020-12-04 04:07

Can someone re-write the below code as a prepared statement?

// Original (vulnerable) version: $cnote is spliced straight into the SQL text
$result = mysqli_query($con, "SELECT * FROM note_system WHERE note = '$cnote'")
    or die("Error");


4 answers
  • 2020-12-04 04:40

    Hello ButterDog, let me walk you through PDO step by step.

    Step 1)

    Create a file called connect.php (or whatever you want). This file will be required in each PHP file that needs database interactions.

    Let's start; also please note my comments:

    <?php
    
    // We set up our database configuration
    $username = "xxxxx"; // MySQL username
    $password = "xxxxx"; // MySQL password
    
    
    // Connect to the server via PHP Data Objects
    $dbh = new PDO("mysql:host=xxxxx;dbname=xxxxx", $username, $password); // Construct the PDO object and keep it in $dbh
    $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // Set the attribute for error reporting, very IMPORTANT!
    $dbh->setAttribute(PDO::ATTR_EMULATE_PREPARES, false); // Set this to false so the actual database driver does the preparing instead of PDO emulating it client-side
    ?>
    

    Step 2) Require the connect.php, please take a look:

    require ('....../........./...../connect.php'); // Require the connect script that made your PDO variable $dbh
    

    Step 3)

    To start database interactions, just do the following; also please read the code comments. For the moment we will not worry about arrays! Get the full gist of PDO, then worry about making it easier to work with! With repetition, the "long way" brings more understanding of the code. Do not cut corners to begin with; cut them once you understand what you are doing!

    $query = $dbh->prepare("SELECT * FROM note_system WHERE note = :cnote"); // This uses the variable $dbh from the required file (your database connection) and prepares the query!
    
    $query->bindParam(':cnote', $cnote); // This is the bread and butter of PDO, named binding, one of its biggest selling points! Please remember that this step takes whatever variable ($cnote) and relates it to (:cnote)
    
    $query->execute(); // This then executes whatever $query is, aka runs the query against the database
    
    $row = $query->fetch(PDO::FETCH_ASSOC); // Use a simple fetch and store the columns in an array (false when no row matched)
    
    if ($row !== false) {
        echo $row['yourvalue']; // This takes the variable above (which is an array), looks up 'yourvalue' and echoes it.
    }
    

    That's all there is to PDO. Hope that helped!

    Also take a look at this. That helped me so so much!

    I also use this as a reference (sometimes); the web site looks like crap, but there is quality information on PDO there. I also use this, and I swear this is the last link! So after this, any questions, just ask, but hopefully this can turn into a little reference guide on PDO. (hopefully lol)

  • 2020-12-04 04:41

    Use pdo:

    http://php.net/manual/en/book.pdo.php

    from various docs:

    /* Connect to a MySQL database using driver invocation */
    $dsn = 'mysql:dbname=testdb;host=127.0.0.1';
    $user = 'dbuser';
    $password = 'dbpass';
    
    try {
        $dbh = new PDO($dsn, $user, $password);
    } catch (PDOException $e) {
        echo 'Connection failed: ' . $e->getMessage();
        exit(1); // nothing below can run without $dbh
    }
    
    $sql = 'SELECT name, colour, calories
    FROM fruit
    WHERE calories < :calories AND colour = :colour';
    $sth = $dbh->prepare($sql, array(PDO::ATTR_CURSOR => PDO::CURSOR_FWDONLY));
    $sth->execute(array(':calories' => 150, ':colour' => 'red'));
    $red = $sth->fetchAll();
    
  • 2020-12-04 04:46

    This is one way to do it with PDO:

    $sel = $db->prepare("SELECT * FROM note_system WHERE note=:note");
    $sel->execute(array(':note' => $_POST['note']));
    $notes = $sel->fetchAll(PDO::FETCH_ASSOC);
    

    See the placeholder :note in the query in line 1, which is bound to $_POST['note'] (or any other variable for that matter) in line 2.

    If I want to run that query again, with a different value as :note, I'll just call lines 2 and 3.

    Displaying the results:

    foreach ($notes as $note) {
        // escape on output: a value that was bound safely into SQL is still not safe to print raw into HTML
        echo $note['id'] . ": " . htmlspecialchars($note['text'], ENT_QUOTES, 'UTF-8') . "<br />";
    }
    
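The three PDO answers above all make the same point: the value of $cnote must travel to the database separately from the SQL text, never spliced into it. The following is an added example, not code from the question or from any of the answerers, that puts the question's original query and its prepared form side by side against a classic tautology payload. To run offline it uses PDO's in-memory SQLite driver instead of MySQL (the DSN is the only line that changes), the table note_system and column note come from the question, and the id column and the three sample rows are constructed for the demonstration.

```php
<?php
// Added example, not the question's or the answerers' code. Uses an in-memory
// SQLite database so it runs without a server; swap the DSN for
// "mysql:host=...;dbname=...;charset=utf8mb4" and the rest is unchanged.
declare(strict_types=1);

function connect(): PDO
{
    $dbh = new PDO('sqlite::memory:');
    $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);   // failures throw instead of returning false
    $dbh->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);

    // Constructed sample data: the id column and these rows are assumed, not from the question.
    $dbh->exec('CREATE TABLE note_system (id INTEGER PRIMARY KEY, note TEXT NOT NULL)');
    $ins = $dbh->prepare('INSERT INTO note_system (note) VALUES (:note)');
    foreach (['shopping', 'secret plan', 'todo'] as $n) {
        $ins->execute([':note' => $n]);
    }
    return $dbh;
}

// The question's original pattern: user input becomes part of the SQL text.
function findNoteUnsafe(PDO $dbh, string $cnote): array
{
    return $dbh->query("SELECT * FROM note_system WHERE note = '$cnote'")->fetchAll();
}

// Prepared statement: the SQL text is fixed, the value is bound to :cnote.
function findNoteSafe(PDO $dbh, string $cnote): array
{
    $stmt = $dbh->prepare('SELECT * FROM note_system WHERE note = :cnote');
    $stmt->execute([':cnote' => $cnote]);
    return $stmt->fetchAll();
}

$dbh     = connect();
$payload = "x' OR '1'='1";   // closes the quoted literal and appends an always-true condition

$leaked = findNoteUnsafe($dbh, $payload);  // runs: WHERE note = 'x' OR '1'='1'
$safe   = findNoteSafe($dbh, $payload);    // runs: WHERE note = <the whole payload as one string>

printf("string-built query: %d row(s), prepared statement: %d row(s)\n", count($leaked), count($safe));
```

With the three constructed rows, the string-built query returns all of them because `'1'='1'` is true for every row, while the prepared statement returns none: the payload is compared as a literal note text and no note has that value. The ATTR_EMULATE_PREPARES setting from the first answer is omitted here only because it applies to the MySQL driver; keep it for a real MySQL connection.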
  • 2020-12-04 05:07

    This should help you on the right path...

    $link = mysqli_connect("localhost", "my_user", "my_password", "world");
    
    /* check connection */
    if (mysqli_connect_errno()) {
        printf("Connect failed: %s\n", mysqli_connect_error());
        exit();
    }
    
    $query = "SELECT id FROM note_system WHERE note = ?";
    
    $stmt = mysqli_stmt_init($link);
    if(!mysqli_stmt_prepare($stmt, $query)) {
        print "Failed to prepare statement\n";
    }
    else {
        $note = "mynote";
        mysqli_stmt_bind_param($stmt, "s", $note);
    
        mysqli_stmt_execute($stmt);
        $result = mysqli_stmt_get_result($stmt);
        while ($row = mysqli_fetch_array($result))
        {
            $nid = $row['id'];
        }
    }
    
    mysqli_stmt_close($stmt);
    mysqli_close($link);
    
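Following on from the procedural mysqli answer above, here is an added example (not the answerer's code) in mysqli's object style that adds what a practitioner would want around that skeleton: strict error reporting so a failed prepare() cannot be mistaken for an empty result, one prepared statement executed for several values, an allow-list for the one thing a placeholder cannot replace (an identifier such as an ORDER BY column), and escaping on output. The host, credentials and database name are the assumed values from that answer, the columns id and note of note_system are assumed, and get_result() needs the mysqlnd driver, as in the answer.

```php
<?php
// Added example, not code from the question or the answers. Host, credentials
// and database name are assumed (the same placeholders as the answer above);
// the columns id and note of note_system are assumed.
declare(strict_types=1);

// Turn every mysqli failure into an exception. Without this a failed prepare()
// or execute() returns false, which is easy to mistake for "no matching rows".
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

$con = new mysqli('localhost', 'my_user', 'my_password', 'world'); // assumed credentials
$con->set_charset('utf8mb4');

// A placeholder can only stand in for a value. A column name in ORDER BY cannot
// be bound, so it is chosen from a fixed allow-list rather than taken from input.
function orderByColumn(string $requested): string
{
    $allowed = ['id', 'note'];   // assumed columns of note_system
    return in_array($requested, $allowed, true) ? $requested : 'id';
}

// Prepare once, execute once per value: bind_param() binds $cnote by reference,
// so assigning a new value and calling execute() again re-runs the same statement.
function findNotes(mysqli $con, array $wanted, string $orderBy = 'id'): array
{
    $sql   = 'SELECT id, note FROM note_system WHERE note = ? ORDER BY ' . orderByColumn($orderBy);
    $stmt  = $con->prepare($sql);
    $cnote = '';
    $stmt->bind_param('s', $cnote);   // 's' = string; the value is never quoted into $sql

    $found = [];
    foreach ($wanted as $cnote) {
        $stmt->execute();
        $found[$cnote] = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
    }
    $stmt->close();
    return $found;
}

// Raw request input goes in as a value. The tautology payload is just a string
// that no note contains, so it matches nothing instead of every row.
$lookups = [$_GET['note'] ?? '', "x' OR '1'='1"];
foreach (findNotes($con, $lookups, $_GET['sort'] ?? 'id') as $value => $rows) {
    // Escape on output: a value that is safe inside SQL is not safe inside HTML.
    printf("%s: %d row(s)<br>\n", htmlspecialchars($value, ENT_QUOTES, 'UTF-8'), count($rows));
}

$con->close();
```

The allow-list is the part people most often get wrong: binding protects values, so any table or column name, sort direction or LIMIT fragment that comes from the request must be mapped to a known-good string before it is concatenated into the SQL text.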