[英]Creating a prepared statement in PHP
I wanted to write a PHP
script in which i had to execute INSERT
query in MySQL
database using prepared statement.我想编写一个PHP
脚本,在该脚本中我必须使用准备好的语句在MySQL
数据库中执行INSERT
查询。
As i am a beginner in PHP
, i had no idea how to do it.由于我是PHP
的初学者,我不知道该怎么做。 so I looked it up on Stackoverflow
and found this How to create a secure mysql prepared statement in php?所以我在Stackoverflow
上Stackoverflow
了一下,发现这个如何在 php 中创建安全的 mysql 准备语句? . .
So i started doing it in same way as done in the accepted answer BUT in the answer, there are some methods used, like所以我开始以与接受的答案相同的方式做,但在答案中,使用了一些方法,比如
prepare
to prepare the SELECT
query prepare
准备SELECT
查询
bind_param
to bind parameters to query bind_param
绑定要查询的参数
close
to close to $stmt
close
接近$stmt
which are not suggested to me by Visual Studio Code
when i try to use them.当我尝试使用它们时, Visual Studio Code
没有向我建议。 Also when i use these methods and hover the pointer over them, no documentation is shown by the Visual Studio Code
which made me think whether these methods are available anymore or not.此外,当我使用这些方法并将指针悬停在它们上方时, Visual Studio Code
没有显示任何文档,这让我思考这些方法是否已经可用。
Instead of prepare
method, Visual Studio Code
suggests odbc_prepare
, instead of bind_param
, it suggests mysqli_bind_param
and instead of close
, it suggests odbc_close
. Visual Studio Code
建议使用odbc_prepare
而不是prepare
方法,而不是bind_param
,它建议mysqli_bind_param
而不是close
,它建议odbc_close
。
I am using PHP 7.2
我正在使用PHP 7.2
Question: Are methods like prepare
, close
, bind_param
not available in PHP 7
and can i use the ones suggested to me by Visual Studio Code
in place of these methods ?问题:像prepare
、 close
、 bind_param
这样的方法在PHP 7
不可用吗,我可以使用Visual Studio Code
建议的方法来代替这些方法吗?
Those function are not a standalone functions.这些功能不是独立的功能。 They are methods of PDO objects.它们是 PDO 对象的方法。 To learn more about PDO check this tutorial: PDO Tutorial要了解有关 PDO 的更多信息,请查看本教程: PDO 教程
$pdo = new PDO();
$stmt = $pdo->prepare('SELECT * FROM users WHERE email = :email AND status=:status');
$stmt->execute(['email' => $email, 'status' => $status]);
$user = $stmt->fetch();
You can only use these functions without an mysqli
object in the procedural style with the mysqli_
prefix.您只能在带有mysqli_
前缀的过程样式中使用没有mysqli
对象的这些函数。
The object-orinted style is usually preferred however.然而,面向对象的风格通常是首选。
PHP.net has a comparison of the two approches . PHP.net 对这两种方法进行了比较。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.