2

有人可以指出我正确的方向。我正在从 过渡MySqlMySqli. 通常我会使用下面的代码从数据库中进行选择,这样我就可以轻松地将列值用作工作变量:

$SQLCommand = "SELECT * FROM table WHERE column1 = 'ok'";
$Data = mysql_query($SQLCommand);
$DataRow = mysql_fetch_assoc($Data);

$var1 = $DataRow["column1"];
$var2 = $DataRow["column2"];
$var3 = $DataRow["column3"];
$var4 = $DataRow["column4"];

我已经研究过如何做MySql同样的事情,但我发现使用循环等有很多不同的方式。是否有类似的事情(因为想要更好的描述)做同样的事情?提前致谢。

4

4 回答 4

4

我不想随波逐流,而是建议一个 PDO 替代方案

$db = new PDO($dsn, 'username','password'); 
              //$dsn is the connection string to your database.
              //See documentation for examples

//The next two rows are optional, but i personally suggest them to
//ease developing, debugging (the 1st) and fetching results (the 2nd)

$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);

$stmt = $db->prepare("SELECT * FROM table WHERE column1 = :c1");
$stmt->bindValue(':c1', 'ok'); //This example is trivial and not necessary
                               //but it gains relevance when the bound value 
                               //is a variable
$rows = $stmt->fetchAll(); //if you expect a single row use fetch() instead

//do something with the results

您可以在此处阅读有关 PDO 的更多信息:PDO 手册

PDO 最大的优势是它独立于应用程序使用的实际数据库。如果您偶然想在将来更改数据库,例如 SQLITE 或 PostgreSQL,那么您唯一需要做的更改就是您的$dsn连接字符串

[*] 仅当您使用标准 SQL 查询且没有特定于供应商的情况下才为真。

于 2013-06-20T06:42:54.873 回答
2

直接转换将是:

$Data = mysqli_query($connection, $SQLCommand);
$DataRow = mysqli_fetch_assoc($Data);

不同之i处在于它mysqli_query需要连接作为参数(大多数mysqli_*函数也是如此)。

MySQLi 也有面向对象的风格:

$Data = $connection->query($SQLCommand); // assuming you created the $connection object
$DataRow = $data->fetch_assoc();
于 2013-06-19T12:18:07.280 回答
1

他们应该像

$mysqli = new mysqli("localhost", "my_user", "my_password", "my_db");
$SQLCommand = "SELECT * FROM table WHERE column1 = 'ok'";
$Data = $mysqli->query($SQLCommand);   
$DataRow = $mysqli->fetch_assoc($Data);

试试这个链接

于 2013-06-19T12:15:10.153 回答
0

我的建议是在使用用户输入来防止 SQL 注入时使用 mysqli 准备好的语句:

请参阅下面的代码使用面向对象的方法和准备好的语句

<?php
$mysqli = new mysqli("example.com", "user", "password", "database");
if ($mysqli->connect_errno) {
    echo "Failed to connect to MySQL: (" . $mysqli->connect_errno . ") " . $mysqli->connect_error;
}

if (!$mysqli->query("DROP TABLE IF EXISTS test") ||
!$mysqli->query("CREATE TABLE test(id INT, label CHAR(1))") ||
!$mysqli->query("INSERT INTO test(id, label) VALUES (1, 'a')")) {
    echo "Table creation failed: (" . $mysqli->errno . ") " . $mysqli->error;
}
/* Prepared statement, stage 1: prepare */
$stmt = $mysqli->prepare("SELECT id, label FROM test WHERE id = ?");

/* Prepared statement, stage 2: bind and execute */    
$id = 1;
//note below "i" is for integer, "s" can be used for string
if (!$stmt->bind_param("i", $id)) {
    echo "Binding parameters failed: (" . $stmt->errno . ") " . $stmt->error;
}
$stmt->execute();
$res = $stmt->get_result();
$row = $res->fetch_assoc();

printf("id = %s (%s)\n", $row['id'], gettype($row['id']));
printf("label = %s (%s)\n", $row['label'], gettype($row['label']));
?>
于 2013-06-19T12:25:31.383 回答