Maison >développement back-end >tutoriel php >使用PDO操作数据库有什么好处
使用PDO操作数据库的好处:1、PDO真正的以底层实现的统一接口操作数据库;2、PDO支持更高级的DB特性操作;3、PDO是PHP官方的PECL库,兼容性和稳定性要高于MySQL扩展;4、PDO可以防止SQL注入,确保数据库更加安全。
PDO一是PHP数据对象(PHP Data Object)的缩写。
并不能使用PDO扩展本身执行任何数据库操作,必须使用一个database-specific PDO driver(针对特定数据库的PDO驱动)访问数据库服务器。
PDO并不提供数据库抽象,它并不会重写SQL或提供数据库本身缺失的功能,如果你需要这种功能,你需要使用一个更加成熟的抽象层。
PDO需要PHP5核心OO特性的支持,所以它无法运行于之前的PHP版本。
PDO有非常多的操作却是MySQL扩展库所不具备的:
1、PDO真正的以底层实现的统一接口数库操作接口,不管后端使用的是何种数据库,如果代码封装好了以后,应用层调用基本上差不多的,当后端数据库更换了以后,应用层代码基本不用修改.
2、PDO支持更高级的DB特性操作,如:存储过程的调度等,mysql原生库是不支持的.
3、PDO是PHP官方的PECL库,兼容性稳定性必然要高于MySQL Extension,可以直接使用 pecl upgrade pdo 命令升级.
4、PDO可以防止SQL注入,确保数据库更加安全
PDO有预处理语句,使用语句预处理将帮助你免于SQL注入攻击。
一条预处理语句是一条预编译的 SQL 语句,它可以使用多次,每次只需将数据传至服务器。其额外优势在于可以对使用占位符的数据进行安全处理,防止SQL注入攻击。
安装配置及测试
在windows下进行有关pdo测试的时候,php.ini中的extension_dir的值要填为pdo*.dll的路径,否则无法运行pdo的相关程序。
; Directory in which the loadable extensions (modules) reside.
extension_dir = "E:\www\php5\ext"
<?php $host = 'localhost'; $user = 'root'; $password = 'develop'; $dbname = '99game'; $dbh = new PDO("mysql:host=$host;dbname=$dbname", $user, $password); //======================================================= //例子 1. Execute a prepared statement with named placeholders /* Execute a prepared statement by binding PHP variables */ $user_id = 1; $email = 'caihf_73940@qq.com'; $sth = $dbh->prepare('SELECT user_id,email,token FROM 99game_user WHERE user_id = :user_id AND email = :email'); $sth->bindParam(':user_id', $user_id, PDO::PARAM_INT); $sth->bindParam(':email', $email, PDO::PARAM_STR, 30); $sth->execute(); $result = $sth->fetch(PDO::FETCH_ASSOC); print_r($result); print("<br />\n"); //例子 2. Execute a prepared statement with question mark placeholders /* Execute a prepared statement by binding PHP variables */ $user_id = 2; $email = 'caihuafeng1@gmail.com'; $sth = $dbh->prepare('SELECT user_id,email,token FROM 99game_user WHERE user_id = ? AND email = ?'); $sth->bindParam(1, $user_id, PDO::PARAM_INT); $sth->bindParam(2, $email, PDO::PARAM_STR, 30); $sth->execute(); $result = $sth->fetch(PDO::FETCH_ASSOC); print_r($result); print("<br />\n"); print "<hr />\n"; //======================================================= //======================================================= $sth = $dbh->prepare("SELECT user_id,email,token FROM 99game_user limit 10"); $sth->execute(); /* 运用 PDOStatement::fetch 风格 */ print("PDO::FETCH_ASSOC: "); print("Return next row as an array indexed by column name<br />\n"); $result = $sth->fetch(PDO::FETCH_ASSOC); print_r($result); print("<br />\n"); print("\n"); print("PDO::FETCH_BOTH: "); print("Return next row as an array indexed by both column name and number<br />\n"); $result = $sth->fetch(PDO::FETCH_BOTH); print_r($result); print("<br />\n"); print("\n"); print("PDO::FETCH_LAZY: "); print("Return next row as an anonymous object with column names as properties<br />\n"); $result = $sth->fetch(PDO::FETCH_LAZY); print_r($result); print("<br />\n"); print("\n"); print("PDO::FETCH_OBJ: "); print("Return next row as an anonymous object with column names as properties<br />\n"); $result = $sth->fetch(PDO::FETCH_OBJ); print_r($result); print 'user_id:' . $result->user_id; print("<br />\n"); print("\n"); print "<hr />\n"; //======================================================= //======================================================= function readDataForwards($dbh) { $sql = 'SELECT user_id,email,token FROM 99game_user limit 10'; try { $stmt = $dbh->prepare($sql, array(PDO::ATTR_CURSOR, PDO::CURSOR_SCROLL)); $stmt->execute(); while ($row = $stmt->fetch(PDO::FETCH_NUM, PDO::FETCH_ORI_NEXT)) { $data = $row[0] . "\t" . $row[1] . "\t" . $row[2] . "<br />\n"; print $data; } $stmt = null; } catch (PDOException $e) { print $e->getMessage(); } } function readDataBackwards($dbh) { $sql = 'SELECT user_id,email,token FROM 99game_user limit 10'; try { $stmt = $dbh->prepare($sql, array(PDO::ATTR_CURSOR => PDO::CURSOR_SCROLL)); $stmt->execute(); $row = $stmt->fetch(PDO::FETCH_NUM, PDO::FETCH_ORI_LAST); do { $data = $row[0] . "\t" . $row[1] . "\t" . $row[2] . "<br />\n"; print $data; } while ($row = $stmt->fetch(PDO::FETCH_NUM, PDO::FETCH_ORI_PRIOR)); $stmt = null; } catch (PDOException $e) { print $e->getMessage(); } } print "Reading forwards:<br />\n"; readDataForwards($dbh); print "<hr />\n"; print "Reading backwards:<br />\n"; //下面的数据没有按照想像中的倒排输出,暂时不知道什么原因,php.net官方手册中的例子也是这么写的 readDataBackwards($dbh); //======================================================= ?>
以上测试程序输出如下:
Array ( [user_id] => 1 [email] => caihf_73940@qq.com [token] => 123token456_73940 ) Array ( [user_id] => 2 [email] => caihuafeng1@gmail.com [token] => 33fadfasdfadsf ) PDO::FETCH_ASSOC: Return next row as an array indexed by column name Array ( [user_id] => 1 [email] => caihf_73940@qq.com [token] => 123token456_73940 ) PDO::FETCH_BOTH: Return next row as an array indexed by both column name and number Array ( [user_id] => 2 [0] => 2 [email] => caihuafeng1@gmail.com [1] => caihuafeng1@gmail.com [token] => 33fadfasdfadsf [2] => 33fadfasdfadsf ) PDO::FETCH_LAZY: Return next row as an anonymous object with column names as properties PDORow Object ( [queryString] => SELECT user_id,email,token FROM 99game_user limit 10 [user_id] => 3 [email] => caihf_61039@qq.com [token] => 123token456_61039 ) PDO::FETCH_OBJ: Return next row as an anonymous object with column names as properties stdClass Object ( [user_id] => 6 [email] => aa1@aa.com [token] => cU8ady73epcmf54o7W0q1F0f8R3b2y4d ) user_id:6
更多相关知识,请访问 PHP中文网!!