Home >Backend Development >PHP Tutorial >Introduction to specific functions of using MySQL directly with PHP_PHP Tutorial

Introduction to specific functions of using MySQL directly with PHP_PHP Tutorial

WBOY
WBOYOriginal
2016-07-15 13:29:521029browse

We are working on List 1. Access/get.php

<ol class="dp-xml">
<li class="alt"><span><span><?php  </span></span></li>
<li class=""><span>function get_user_id( $name )  </span></li>
<li class="alt"><span>{  </span></li>
<li class="">
<span> $</span><span class="attribute"><font color="#ff0000">db</font></span><span> = </span><span class="attribute-value"><font color="#0000ff">mysql_connect</font></span><span>( 'localhost', 'root', 'password' );  </span>
</li>
<li class="alt"><span> mysql_select_db( 'users' );  </span></li>
<li class=""><span> </span></li>
<li class="alt">
<span> $</span><span class="attribute"><font color="#ff0000">res</font></span><span> = </span><span class="attribute-value"><font color="#0000ff">mysql_query</font></span><span>( "SELECT id FROM users WHERE </span><span class="attribute"><font color="#ff0000">login</font></span><span>=</span><span class="attribute-value"><font color="#0000ff">'".$name."'</font></span><span>" );  </span>
</li>
<li class="">
<span> while( $</span><span class="attribute"><font color="#ff0000">row</font></span><span> = </span><span class="attribute-value"><font color="#0000ff">mysql_fetch_array</font></span><span>( $res ) ) { $</span><span class="attribute"><font color="#ff0000">id</font></span><span> = $row[0]; }  </span>
</li>
<li class="alt"><span> </span></li>
<li class=""><span> return $id;  </span></li>
<li class="alt"><span>}  </span></li>
<li class=""><span> </span></li>
<li class="alt"><span>var_dump( get_user_id( 'jack' ) );  </span></li>
<li class=""><span>?> </span></li>
</ol>

Note that the mysql_connect function is used to enable PHP to use MySQL directly. Also note the query, which uses string concatenation to add the $name parameter to the query.

There are two good alternatives to this technology: the PEAR DB module and the PHP Data Objects (PDO) class. Both provide abstractions from specific database selections. So your code can run without much tweaking on IBM® DB2®, MySQL, PostgreSQL, or any other database you want to connect to.

Another value of using the PEAR DB module and the PDO abstraction layer is that you can use the ? operator in SQL statements. Doing so makes SQL easier to maintain and protects your application from SQL injection attacks.

Alternative code using PEAR DB is shown below.

Listing 2. Access/get_good.php

<ol class="dp-xml">
<li class="alt"><span><span><?php  </span></span></li>
<li class=""><span>require_once("DB.php");  </span></li>
<li class="alt"><span> </span></li>
<li class=""><span>function get_user_id( $name )  </span></li>
<li class="alt"><span>{  </span></li>
<li class="">
<span> $</span><span class="attribute"><font color="#ff0000">dsn</font></span><span> = </span><span class="attribute-value"><font color="#0000ff">'mysql://root:password@localhost/users'</font></span><span>;  </span>
</li>
<li class="alt">
<span> $</span><span class="attribute"><font color="#ff0000">db</font></span><span> =& DB::Connect( $dsn, array() );  </span>
</li>
<li class=""><span> if (PEAR::isError($db)) { die($db->getMessage()); }  </span></li>
<li class="alt"><span> </span></li>
<li class="">
<span> $</span><span class="attribute"><font color="#ff0000">res</font></span><span> = $db->query( 'SELECT id FROM users WHERE </span><span class="attribute"><font color="#ff0000">login</font></span><span>=?',array( $name ) );  </span>
</li>
<li class="alt">
<span> $</span><span class="attribute"><font color="#ff0000">id</font></span><span> = </span><span class="attribute-value"><font color="#0000ff">null</font></span><span>;  </span>
</li>
<li class="">
<span> while( $res->fetchInto( $row ) ) { $</span><span class="attribute"><font color="#ff0000">id</font></span><span> = $row[0]; }  </span>
</li>
<li class="alt"><span> </span></li>
<li class=""><span> return $id;  </span></li>
<li class="alt"><span>}  </span></li>
<li class=""><span> </span></li>
<li class="alt"><span>var_dump( get_user_id( 'jack' ) );  </span></li>
<li class=""><span>?> </span></li>
</ol>

Note that all places where PHP uses MySQL directly are eliminated, only the database connection characters in $dsn Except strings. Additionally, we use the $name variable in SQL via the ? operator. The query data is then sent in via the array at the end of the query() method.


www.bkjia.comtruehttp: //www.bkjia.com/PHPjc/446326.htmlTechArticleWe are working on Listing 1. Access/get.php
Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn