Is there a better, more “Standard” way to perform SQL queries in PHP without using a framework?

借酒劲吻你 2021-01-27 09:02

For the longest time, I've been using the following basic formatting for SQL queries within my PHP:

$sql = "SELECT * FROM `user-data` WHERE `id` = '".$id."' LIMIT 1;";

8 answers
  • 2021-01-27 09:18

    Another vote for Doctrine. Don't waste your time with PDO. I can't emphasize this enough. Go with an ORM. Forget about wasting time writing CRUD methods, custom caching logic, and worrying about premature optimization such as "overhead" resulting from a library. The overhead incurred by spattering statements like "select * from app_users" and their associated ugly heredocs isn't worth it.

    If you need to fall back to SQL, you can. The other 90% of the time you're in a state of bliss.

    http://www.doctrine-project.org/

  • 2021-01-27 09:19

    There is MDB_QueryTool, which I never tried.

    IMHO Zend_DB is really cool; the Zend Framework allows you to use only the part you are interested in, so you might want to take a look at it even if you don't want the full framework.

    What I like in Zend_DB is the table select syntax:

    $userRowset = $user->fetchAll( $user->select()
     ->where('name LIKE ?', $name . '%')
     ->order('id ASC')
     ->limit(10)
    );

    You can easily see all the criteria and tables involved, so I find it better than doing plain SQL. Just one warning: Zend_DB doesn't handle all of SQL, so from time to time you would have to write plain SQL, but that's really rare.

  • 2021-01-27 09:24

    Maybe it would make you a little happier at least to use PHP's string variable substitution:

    $sql = "SELECT * FROM `user-data` WHERE `id` = '$id' LIMIT 1;";
    
  • 2021-01-27 09:26

    I've been wondering why I always see the more complicated form of string building, like this: "literal string " . $a . " more literal", rather than "literal string $a more literal", or in your case:

    "SELECT * FROM `user-data` WHERE `id` = '".$id."' LIMIT 1;";
    

    instead of this:

    "SELECT * FROM `user-data` WHERE `id` = '$id' LIMIT 1;";
    

    For more complicated expressions, I like to use sprintf (but I was a C programmer for a long time):

    $sql = sprintf("SELECT * FROM `user-data` WHERE `id` = '%s' LIMIT 1", $id);
    

    This can also be written in this format:

    $sql = sprintf("
        SELECT * 
           FROM `user-data` 
        WHERE `id` = '%s' 
            LIMIT 1", 
        $id);
    

    In this case, it doesn't buy much, but when there are several variables embedded in the string, it makes it easier to manage.

  • 2021-01-27 09:27

    Doctrine is an ORM wrapped around PDO.

  • 2021-01-27 09:30

    You can use mysqli to write little placeholders in your SQL and then fill them in. It should be less susceptible to SQL injection attacks than string concatenation.

    $conn = new mysqli($server, $username, $password, $database);
    $stmt = $conn->prepare('SELECT * FROM people WHERE age = ? AND name != ?');
    $age = 20;
    $name = "Austin"; // bind_param binds by reference, so the values must be variables, not literals
    $stmt->bind_param('is', $age, $name);
    $stmt->execute();

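Added example, not taken from any of the answers above: the question's query rewritten as a PDO prepared statement, together with the one case placeholders cannot cover, a caller-chosen ORDER BY column, which is checked against an allow-list instead. The DSN, credentials and column names are assumed.

```php
<?php
// Added example (not from the question or any answer above): the query
//   SELECT * FROM `user-data` WHERE `id` = '<id>' LIMIT 1
// as a PDO prepared statement, so $id travels to the server as a bound
// value and is never spliced into the SQL text. DSN and credentials are
// assumed placeholders.

function connect(): PDO
{
    $dsn = 'mysql:host=localhost;dbname=app;charset=utf8mb4'; // assumed DSN
    return new PDO($dsn, 'app_user', 'app_password', [
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION, // throw instead of returning false
        PDO::ATTR_EMULATE_PREPARES   => false,  // real server-side prepares, not client-side quoting
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    ]);
}

// Fetch one row by id. The value is bound as an integer parameter;
// whatever the caller passes, the server sees data, not SQL.
function findUserById(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT * FROM `user-data` WHERE `id` = :id LIMIT 1');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch();
    return $row === false ? null : $row;
}

// Placeholders only bind values. A column name in ORDER BY cannot be a
// parameter, so it is validated against an allow-list before being
// quoted into the statement. Column names here are assumed.
function listUsers(PDO $db, string $orderBy, int $limit): array
{
    $allowed = ['id', 'name', 'created_at'];
    if (!in_array($orderBy, $allowed, true)) {
        throw new InvalidArgumentException("Unknown sort column: $orderBy");
    }
    $stmt = $db->prepare("SELECT * FROM `user-data` ORDER BY `$orderBy` LIMIT :limit");
    $stmt->bindValue(':limit', $limit, PDO::PARAM_INT); // LIMIT needs an integer bind, not a quoted string
    $stmt->execute();
    return $stmt->fetchAll();
}

$db = connect();
$user = findUserById($db, (int) ($_GET['id'] ?? 0));
var_dump($user);
var_dump(listUsers($db, 'name', 10));
```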