PHP MySQL Insert multiple pieces of data
Use MySQLi and PDO to insert multiple pieces of data into MySQL
The mysqli_multi_query() function can be used to execute multiple SQL statements.
The following example adds three new records to the "MyGuests" table:
Example (MySQLi - Object-oriented)
<?php $servername = "localhost"; $username = "username"; $password = "password"; $dbname = "myDB"; // 创建链接 $conn = new mysqli($servername, $username, $password, $dbname); // 检查链接 if ($conn->connect_error) { die("连接失败: " . $conn->connect_error); } $sql = "INSERT INTO MyGuests (firstname, lastname, email) VALUES ('John', 'Doe', 'john@example.com');"; $sql .= "INSERT INTO MyGuests (firstname, lastname, email) VALUES ('Mary', 'Moe', 'mary@example.com');"; $sql .= "INSERT INTO MyGuests (firstname, lastname, email) VALUES ('Julie', 'Dooley', 'julie@example.com')"; if ($conn->multi_query($sql) === TRUE) { echo "新记录插入成功"; } else { echo "Error: " . $sql . "<br>" . $conn->error; } $conn->close(); ?>
Please note that each SQL statement must be No. separated.
Instance (MySQLi - Procedure Oriented)
<?php $servername = "localhost"; $username = "username"; $password = "password"; $dbname = "myDB"; // 创建链接 $conn = mysqli_connect($servername, $username, $password, $dbname); // 检查链接 if (!$conn) { die("连接失败: " . mysqli_connect_error()); } $sql = "INSERT INTO MyGuests (firstname, lastname, email) VALUES ('John', 'Doe', 'john@example.com');"; $sql .= "INSERT INTO MyGuests (firstname, lastname, email) VALUES ('Mary', 'Moe', 'mary@example.com');"; $sql .= "INSERT INTO MyGuests (firstname, lastname, email) VALUES ('Julie', 'Dooley', 'julie@example.com')"; if (mysqli_multi_query($conn, $sql)) { echo "新记录插入成功"; } else { echo "Error: " . $sql . "<br>" . mysqli_error($conn); } mysqli_close($conn); ?>
Instance (PDO)
<?php $servername = "localhost"; $username = "username"; $password = "password"; $dbname = "myDBPDO"; try { $conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password); // set the PDO error mode to exception $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // 开始事务 $conn->beginTransaction(); // SQL 语句 $conn->exec("INSERT INTO MyGuests (firstname, lastname, email) VALUES ('John', 'Doe', 'john@example.com')"); $conn->exec("INSERT INTO MyGuests (firstname, lastname, email) VALUES ('Mary', 'Moe', 'mary@example.com')"); $conn->exec("INSERT INTO MyGuests (firstname, lastname, email) VALUES ('Julie', 'Dooley', 'julie@example.com')"); // 提交事务 $conn->commit(); echo "新记录插入成功"; } catch(PDOException $e) { // 如果执行失败回滚 $conn->rollback(); echo $sql . "<br>" . $e->getMessage(); } $conn = null; ?>
Use prepared statements
Mysqli extension provides The second way is used to insert statements.
We can prepare statements and bind parameters.
mysql extension can send statements or queries to the mysql database without data. You can nematically associate or "bind" variables.
Example (MySQLi uses prepared statements)
<?php $servername = "localhost"; $username = "username"; $password = "password"; $dbname = "myDB"; // 创建连接 $conn = new mysqli($servername, $username, $password, $dbname); // 检测连接 if ($conn->connect_error) { die("连接失败: " . $conn->connect_error); } else { $sql = "INSERT INTO MyGuests VALUES(?, ?, ?)"; // 为 mysqli_stmt_prepare() 初始化 statement 对象 $stmt = mysqli_stmt_init($conn); //预处理语句 if (mysqli_stmt_prepare($stmt, $sql)) { // 绑定参数 mysqli_stmt_bind_param($stmt, 'sss', $firstname, $lastname, $email); // 设置参数并执行 $firstname = 'John'; $lastname = 'Doe'; $email = 'john@example.com'; mysqli_stmt_execute($stmt); $firstname = 'Mary'; $lastname = 'Moe'; $email = 'mary@example.com'; mysqli_stmt_execute($stmt); $firstname = 'Julie'; $lastname = 'Dooley'; $email = 'julie@example.com'; mysqli_stmt_execute($stmt); } } ?>
We can see that modularization is used to solve the problem in the above example. We can achieve easier reading and management by creating code blocks.
Pay attention to the binding of parameters. Let's take a look at the code in mysqli_stmt_bind_param():
mysqli_stmt_bind_param($stmt, 'sss', $firstname, $lastname, $email);
This function binds the parameter query and Parameters are passed to the database. The second parameter is "sss" . The following list shows the parameter types. The s character tells mysql that the parameter is a string.
can be the following four parameters:
· i - integer
· d - double precision floating point number
· s - string
· b - Boolean value
Each parameter must specify a type to ensure data security. Type judgment can reduce the risk of SQL injection vulnerabilities.