In my PHP development process, the database uses the mysql database. Database-related operations basically use the mysql extension functions in php, such as mysql_query, mysql_connect and other functions. These traditional methods are used to connect and query the database. At that time, I personally felt that there were two disadvantages. One is that it has no scalability, that is, it can only be used in mysql database. If you want to change the database, the PHP extension functions used are different. If you want to change the database during the development process, then all the same Database-related operations have to be redone; the second is that if the filtering statements are not strict, there will be the risk of SQL injection, causing the website to be maliciously attacked and out of control. Although the mysql_real_escape_string() function is used to filter user-submitted values, it also has flaws. By using the prepare method of PHP's PDO extension, you can effectively avoid the risk of sql injection.
1. Introduction to PDO
The PDO extension defines a lightweight, consistent interface for PHP to access databases. It provides a data access abstraction layer so that no matter what database is used, queries and data can be obtained through consistent functions. PDO is released with PHP5.1 and can also be used in the PECL extension of PHP5.0, but cannot run on previous PHP versions. Compared with mysql and mysqli, PDO makes cross-database use more friendly.
2. PDO installation and configuration
In php5.2.10, php has pdo installed by default.
Open the php.ini file, find the sentence extension=php_pdo.dll, remove the previous comment symbol, and then restart apache. If you don't find this sentence, you can add it yourself or check whether the system uses the dynamic link library file .so during installation. If so, you can find a conf.d folder in the php directory, and there is a pdo below. ini link file, if there is a sentence extension=pdo.so in it, it means that PDO has been enabled.
To verify whether PDO has been enabled in PHP, first write a script with the content
<?php
phpinfo();
?>If the displayed results contain the following content, it means that the PDO extension has been enabled.
3. Create a PDO object
__construct(string dsn[,string username [,string password [, array driver_options]]]);//pdo的构造方法Parameter analysis: The first required parameter is the data source name DSN, which is used to define a certain database and the driver that must be used.
For example, the DSN formats for connecting the oracle server and mysql server are as follows:
ocl:dbname=//127.0.0.1:1521/mydb //DSN to connect to Oracle server, oci: as driver prefix, host 127.0.0.1, port 1521, database mydb
mysql:host=127.0.0.1;dbname=testdb //DSN to connect to Mysql server, mysql: as driver prefix, host 127.0.0.1, database testdb
$dsn = 'mysql:dbname=testdb;host=127.0.0.1';
$user = 'root';
$password = 'root';
try {
$dbh = new PDO($dsn, $user, $password);
}catch(PDOException $e) {
echo "connect failed: ".$e->getMessage();
}4. PDO setting properties
1) PDO has three error handling methods:
? PDO::ERrmODE_SILENT does not display error information, only sets error code
? PDO::ERrmODE_WARNING displays warning error
? PDO::ERrmODE_EXCEPTION throws an exception
You can use the following statement to set the error handling method to throw an exception
$dbh->setAttribute(PDO::ATTR_ERrmODE, PDO::ERrmODE_EXCEPTION);When set to PDO::ERrmODE_SILENT, you can get error information by calling errorCode() or errorInfo(), of course, it can also be used in other situations.
2) Because different databases handle the case of returned field names differently, PDO provides the PDO::ATTR_CASE setting item (including PDO::CASE_LOWER, PDO::CASE_NATURAL, PDO::CASE_UPPER) to determine the returned field name. Upper and lower case.
3) Specify the corresponding value in php for the NULL value returned by the database by setting the PDO::ATTR_ORACLE_NULLS type (including PDO::NULL_NATURAL, PDO::NULL_EmpTY_STRING, PDO::NULL_TO_STRING).
5. Common PDO methods and their applications
PDO::query() is mainly used for operations that return recorded results, especially SELECT operations
PDO::exec() is mainly used for operations that do not return a result set, such as INSERT, UPDATE and other operations
PDO::prepare() is mainly a preprocessing operation. You need to use $rs->execute() to execute the SQL statement in the preprocessing. This method can bind parameters and is relatively powerful (preventing SQL injection depends on this)
PDO::lastInsertId() returns the last insert operation, the primary key column type is the last auto-increment ID
PDOStatement::fetch() is used to get a record
PDOStatement::fetchAll() is to get all recordsets into a collection
PDOStatement::fetchColumn() is a field of the first record specified in the fetch result. The default is the first field
PDOStatement::rowCount(): Mainly used for the result set affected by PDO::query() and PDO::prepare()'s DELETE, INSERT, and UPDATE operations. It is invalid for the PDO::exec() method and SELECT operation.
6. PDO operation MYSQL database instance
$sql = "UPDATE article SET title="haha" WHERE id=1";
$affected = $dbh->exec($query);
if($affected) {
echo "successed";
}else {
print_r($dbh->errorINdo());
}Preprocessing method:
$SQLStatament = "INSERT INTO article VALUES(":title, :content")";
$param = array(":title" => "something",
":content" => "aaaa");
//准备的参数,对应数据库的字段
$stmt = $dbh->prepare($SQLStatement);
$stmt->execute($param);
Optimize PHP Code: Reducing Memory Usage & Execution TimeMay 10, 2025 am 12:04 AMTooptimizePHPcodeforreducedmemoryusageandexecutiontime,followthesesteps:1)Usereferencesinsteadofcopyinglargedatastructurestoreducememoryconsumption.2)LeveragePHP'sbuilt-infunctionslikearray_mapforfasterexecution.3)Implementcachingmechanisms,suchasAPC
PHP Email: Step-by-Step Sending GuideMay 09, 2025 am 12:14 AMPHPisusedforsendingemailsduetoitsintegrationwithservermailservicesandexternalSMTPproviders,automatingnotificationsandmarketingcampaigns.1)SetupyourPHPenvironmentwithawebserverandPHP,ensuringthemailfunctionisenabled.2)UseabasicscriptwithPHP'smailfunct
How to Send Email via PHP: Examples & CodeMay 09, 2025 am 12:13 AMThe best way to send emails is to use the PHPMailer library. 1) Using the mail() function is simple but unreliable, which may cause emails to enter spam or cannot be delivered. 2) PHPMailer provides better control and reliability, and supports HTML mail, attachments and SMTP authentication. 3) Make sure SMTP settings are configured correctly and encryption (such as STARTTLS or SSL/TLS) is used to enhance security. 4) For large amounts of emails, consider using a mail queue system to optimize performance.
Advanced PHP Email: Custom Headers & FeaturesMay 09, 2025 am 12:13 AMCustomheadersandadvancedfeaturesinPHPemailenhancefunctionalityandreliability.1)Customheadersaddmetadatafortrackingandcategorization.2)HTMLemailsallowformattingandinteractivity.3)AttachmentscanbesentusinglibrarieslikePHPMailer.4)SMTPauthenticationimpr
Guide to Sending Emails with PHP & SMTPMay 09, 2025 am 12:06 AMSending mail using PHP and SMTP can be achieved through the PHPMailer library. 1) Install and configure PHPMailer, 2) Set SMTP server details, 3) Define the email content, 4) Send emails and handle errors. Use this method to ensure the reliability and security of emails.
What is the best way to send an email using PHP?May 08, 2025 am 12:21 AMThebestapproachforsendingemailsinPHPisusingthePHPMailerlibraryduetoitsreliability,featurerichness,andeaseofuse.PHPMailersupportsSMTP,providesdetailederrorhandling,allowssendingHTMLandplaintextemails,supportsattachments,andenhancessecurity.Foroptimalu
Best Practices for Dependency Injection in PHPMay 08, 2025 am 12:21 AMThe reason for using Dependency Injection (DI) is that it promotes loose coupling, testability, and maintainability of the code. 1) Use constructor to inject dependencies, 2) Avoid using service locators, 3) Use dependency injection containers to manage dependencies, 4) Improve testability through injecting dependencies, 5) Avoid over-injection dependencies, 6) Consider the impact of DI on performance.
PHP performance tuning tips and tricksMay 08, 2025 am 12:20 AMPHPperformancetuningiscrucialbecauseitenhancesspeedandefficiency,whicharevitalforwebapplications.1)CachingwithAPCureducesdatabaseloadandimprovesresponsetimes.2)Optimizingdatabasequeriesbyselectingnecessarycolumnsandusingindexingspeedsupdataretrieval.
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
mPDF
mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),
Zend Studio 13.0.1
Powerful PHP integrated development environment
SecLists
SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.
MantisBT
Mantis is an easy-to-deploy web-based defect tracking tool designed to aid in product defect tracking. It requires PHP, MySQL and a web server. Check out our demo and hosting services.
DVWA
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is very vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the process of securing web applications, and to help teachers/students teach/learn in a classroom environment Web application security. The goal of DVWA is to practice some of the most common web vulnerabilities through a simple and straightforward interface, with varying degrees of difficulty. Please note that this software
