首頁 >後端開發 >php教程 >使用PDO操作数据库有什么好处

使用PDO操作数据库有什么好处

PHPz
PHPz原創
2016-06-13 12:05:592019瀏覽

使用PDO操作数据库的好处:1、PDO真正的以底层实现的统一接口操作数据库;2、PDO支持更高级的DB特性操作;3、PDO是PHP官方的PECL库,兼容性和稳定性要高于MySQL扩展;4、PDO可以防止SQL注入,确保数据库更加安全。

使用PDO操作数据库有什么好处

PDO一是PHP数据对象(PHP Data Object)的缩写。

并不能使用PDO扩展本身执行任何数据库操作,必须使用一个database-specific PDO driver(针对特定数据库的PDO驱动)访问数据库服务器。

PDO并不提供数据库抽象,它并不会重写SQL或提供数据库本身缺失的功能,如果你需要这种功能,你需要使用一个更加成熟的抽象层。

PDO需要PHP5核心OO特性的支持,所以它无法运行于之前的PHP版本。

PDO有非常多的操作却是MySQL扩展库所不具备的:

1、PDO真正的以底层实现的统一接口数库操作接口,不管后端使用的是何种数据库,如果代码封装好了以后,应用层调用基本上差不多的,当后端数据库更换了以后,应用层代码基本不用修改.

2、PDO支持更高级的DB特性操作,如:存储过程的调度等,mysql原生库是不支持的.

3、PDO是PHP官方的PECL库,兼容性稳定性必然要高于MySQL Extension,可以直接使用 pecl upgrade pdo 命令升级.

4、PDO可以防止SQL注入,确保数据库更加安全

PDO有预处理语句,使用语句预处理将帮助你免于SQL注入攻击。

一条预处理语句是一条预编译的 SQL 语句,它可以使用多次,每次只需将数据传至服务器。其额外优势在于可以对使用占位符的数据进行安全处理,防止SQL注入攻击。

安装配置及测试

在windows下进行有关pdo测试的时候,php.ini中的extension_dir的值要填为pdo*.dll的路径,否则无法运行pdo的相关程序。

; Directory in which the loadable extensions (modules) reside.
extension_dir = "E:\www\php5\ext"

<?php
$host = &#39;localhost&#39;;
$user = &#39;root&#39;;
$password = &#39;develop&#39;;
$dbname = &#39;99game&#39;;

$dbh = new PDO("mysql:host=$host;dbname=$dbname", $user, $password);

//=======================================================
//例子 1. Execute a prepared statement with named placeholders
/* Execute a prepared statement by binding PHP variables */
$user_id = 1;
$email = &#39;caihf_73940@qq.com&#39;;
$sth = $dbh->prepare(&#39;SELECT user_id,email,token FROM 99game_user
    WHERE user_id = :user_id AND email = :email&#39;);
$sth->bindParam(&#39;:user_id&#39;, $user_id, PDO::PARAM_INT);
$sth->bindParam(&#39;:email&#39;, $email, PDO::PARAM_STR, 30);
$sth->execute();
$result = $sth->fetch(PDO::FETCH_ASSOC);
print_r($result);
print("<br />\n");

//例子 2. Execute a prepared statement with question mark placeholders
/* Execute a prepared statement by binding PHP variables */
$user_id = 2;
$email = &#39;caihuafeng1@gmail.com&#39;;
$sth = $dbh->prepare(&#39;SELECT user_id,email,token FROM 99game_user
    WHERE user_id = ? AND email = ?&#39;);
$sth->bindParam(1, $user_id, PDO::PARAM_INT);
$sth->bindParam(2, $email, PDO::PARAM_STR, 30);
$sth->execute();
$result = $sth->fetch(PDO::FETCH_ASSOC);
print_r($result);
print("<br />\n");

print "<hr />\n";
 //=======================================================

//=======================================================
$sth = $dbh->prepare("SELECT user_id,email,token FROM 99game_user limit 10");
$sth->execute();

/* 运用 PDOStatement::fetch 风格 */
print("PDO::FETCH_ASSOC: ");
print("Return next row as an array indexed by column name<br />\n");
$result = $sth->fetch(PDO::FETCH_ASSOC);
print_r($result);
print("<br />\n");
print("\n");

print("PDO::FETCH_BOTH: ");
print("Return next row as an array indexed by both column name and number<br />\n");
$result = $sth->fetch(PDO::FETCH_BOTH);
print_r($result);
print("<br />\n");
print("\n");

print("PDO::FETCH_LAZY: ");
print("Return next row as an anonymous object with column names as properties<br />\n");
$result = $sth->fetch(PDO::FETCH_LAZY);
print_r($result);
print("<br />\n");
print("\n");

print("PDO::FETCH_OBJ: ");
print("Return next row as an anonymous object with column names as properties<br />\n");
$result = $sth->fetch(PDO::FETCH_OBJ);
print_r($result);
print &#39;user_id:&#39; . $result->user_id;
print("<br />\n");
print("\n");

print "<hr />\n";
//=======================================================

//=======================================================
function readDataForwards($dbh) {
  $sql = &#39;SELECT user_id,email,token FROM 99game_user limit 10&#39;;
  try {
    $stmt = $dbh->prepare($sql, array(PDO::ATTR_CURSOR, PDO::CURSOR_SCROLL));
    $stmt->execute();
    while ($row = $stmt->fetch(PDO::FETCH_NUM, PDO::FETCH_ORI_NEXT)) {
      $data = $row[0] . "\t" . $row[1] . "\t" . $row[2] . "<br />\n";
      print $data;
    }
    $stmt = null;
  }
  catch (PDOException $e) {
    print $e->getMessage();
  }
}

function readDataBackwards($dbh) {
  $sql = &#39;SELECT user_id,email,token FROM 99game_user limit 10&#39;;
  try {
    $stmt = $dbh->prepare($sql, array(PDO::ATTR_CURSOR => PDO::CURSOR_SCROLL));
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_NUM, PDO::FETCH_ORI_LAST);
    do {
      $data = $row[0] . "\t" . $row[1] . "\t" . $row[2] . "<br />\n";
      print $data;
    } while ($row = $stmt->fetch(PDO::FETCH_NUM, PDO::FETCH_ORI_PRIOR));
    $stmt = null;
  }
  catch (PDOException $e) {
    print $e->getMessage();
  }
}

print "Reading forwards:<br />\n";
readDataForwards($dbh);

print "<hr />\n";

print "Reading backwards:<br />\n";
//下面的数据没有按照想像中的倒排输出,暂时不知道什么原因,php.net官方手册中的例子也是这么写的
readDataBackwards($dbh);
//=======================================================
?>

以上测试程序输出如下:

Array
(
[user_id] => 1
[email] => caihf_73940@qq.com
[token] => 123token456_73940
)
Array
(
[user_id] => 2
[email] => caihuafeng1@gmail.com
[token] => 33fadfasdfadsf
)

PDO::FETCH_ASSOC: Return next row as an array indexed by column name
Array
(
[user_id] => 1
[email] => caihf_73940@qq.com
[token] => 123token456_73940
)

PDO::FETCH_BOTH: Return next row as an array indexed by both column name and number
Array
(
[user_id] => 2
[0] => 2
[email] => caihuafeng1@gmail.com
[1] => caihuafeng1@gmail.com
[token] => 33fadfasdfadsf
[2] => 33fadfasdfadsf
)

PDO::FETCH_LAZY: Return next row as an anonymous object with column names as properties
PDORow Object
(
[queryString] => SELECT user_id,email,token FROM 99game_user limit 10
[user_id] => 3
[email] => caihf_61039@qq.com
[token] => 123token456_61039
)

PDO::FETCH_OBJ: Return next row as an anonymous object with column names as properties
stdClass Object
(
[user_id] => 6
[email] => aa1@aa.com
[token] => cU8ady73epcmf54o7W0q1F0f8R3b2y4d
)
user_id:6

更多相关知识,请访问 PHP中文网!!

陳述:
本文內容由網友自願投稿,版權歸原作者所有。本站不承擔相應的法律責任。如發現涉嫌抄襲或侵權的內容,請聯絡admin@php.cn