如何简化我的php代码(插入,更新和删除)
[英]how to simplify my php code(insert, update and delete)
问题描述
Hi I am a newbie in PHP I heard that there is a way on how to simplify your php query code :) 
嗨,我是PHP的新手,我听说有一种方法可以简化您的php查询代码:)
First I want to simplify insert: 首先,我想简化插入:
I have a query
mysql_query("insert into table (sample) values ('$sample')");我有一个查询mysql_query("insert into table (sample) values ('$sample')");I want to simplify it like a formula you just enter the table and the values just it.我想像一个公式一样简化它,只需输入表格和值即可。 so that whenever I query I will not type mysql_query blah blah blah 这样,无论何时我查询,我都不会键入mysql_query等等等等。 Next Selecting data on database.
下一步选择数据库上的数据。 Like mysql_query(select * from account where contatc='$contatc')I want to simplify it or just make a formula whenever I will query it I will not type anymore.就像mysql_query(select * from account where contatc='$contatc')我想简化它或只是在我查询它时就创建一个公式,而不再输入。
I also read that in order to make it I will use functions Thanks in advance 我也读过,为了使它成为可能,我将使用函数预先感谢
This is an example on selecting data 这是有关选择数据的示例
function check($value, $where, $database) {
//foreach($field_arr as $value);
$q=sprintf("SELECT `".$value."` FROM `".$database."` WHERE ".$where."");
if(! $data=mysql_query($q)){
return FALSE;
}
else {
return mysql_num_rows($data);
}
}
2 个解决方案
解决方案1
0 2015-01-27 10:03:51
Below are the functions to perform database operations 以下是执行数据库操作的功能
## Connect to Server ##
function connect($server="",$user="", $pass="")
{
$conn = mysql_pconnect($server,$user,$pass);
if(!$conn) {
echo "Connection attempt failed"." Error No:".mysql_errno()."<br>Error Message : ". mysql_error();
}
return true;
}
## Select Database for table operation ##
function selectDatabase($dbase)
{
global $conn;
if(empty($conn)) { echo "Connection not found"; }
if(!mysql_select_db($dbase, $conn)) {
echo "Dbase Select failed"." Error No:".mysql_errno()."<br>Error Message : ". mysql_error();
}
}
## Execute Select Query
function select ($sql="", $fetch = "mysql_fetch_assoc")
{
global $conn;
if(empty($sql)) { echo "Select Query not found"; }
if(empty($conn)) { echo "Connection not found";}
$results = @mysql_query($sql,$conn);
if(!$results) {
echo "Error in Query : ".$sql."<br>".mysql_errno()." : ". mysql_error();
}
$data = array();
while ($row = $fetch($results))
{
$data[] = $row;
}
mysql_free_result($results);
return $data;
}
## Execute Insert Query
function insert ($sql="")
{
global $conn;
if(empty($sql)) { echo "Insert query not found"; }
if(empty($conn)
{
echo "Connection not found";
}
$results = mysql_query($sql,$conn);
if(!$results)
{
echo "Error in Query : ".$sql."<br>".mysql_errno()." : ". mysql_error();
}
$id = mysql_insert_id();
If($id)
return $id;
else
return 1;
}
## Execute Update / Delete / mulitple insert query
function execute($sql="")
{
global $conn;
if(empty($sql)) { echo "Query not found"; }
if(empty($conn))
{
echo "Connection not found";
}
$results = mysql_query($sql,$conn);
if(!$results)
{
echo "Error in Query : ".$sql."<br>".mysql_errno()." : ". mysql_error();
}
$rows = 0;
$rows = mysql_affected_rows();
if($rows==0) return 1;
return $rows;
}
解决方案2
0 2015-01-27 10:10:53
Beware with your code. 当心您的代码。 With this code, it's really easy to add SQL injection to it. 使用此代码,可以很容易地向其中添加SQL注入。 And you have another problem: you are using the mysql_* extensions, which are totally deprecated (they will be removed in the next main release of PHP). 而且您还有另一个问题:您正在使用mysql_ *扩展名,这些扩展名已被完全弃用(它们将在下一个主要的PHP版本中删除)。
My advice is: 我的建议是:
- Switch to another DB library. 切换到另一个数据库库。 I recommend PDO ( http://php.net/manual/en/book.pdo.php ), but you can also use mysqli. 我建议使用PDO( http://php.net/manual/zh/book.pdo.php ),但是您也可以使用mysqli。
- Learn a bit about SQL injection. 了解有关SQL注入的知识。 There are lots of good and interesting threads here in Stack Overflow talking about SQL injection and PHP. Stack Overflow中有很多很好的有趣的线程在讨论SQL注入和PHP。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.