使用 PHP OOP 和本机 Z9778840A010410CB30C52ZB7CZ 将大型表单插入 SQL 数据库的最快方法
[英]Fastest way to insert large form into SQL database using PHP OOP and native SQL?
问题描述
First of all, I am new to PHP OOP and I'm still writing my code so I cannot paste the finished code here.
首先,我是 PHP OOP 的新手,我还在写我的代码,所以我不能在这里粘贴完成的代码。
1. The form一、形式
<form method='post'>
<?php
print '<tr class="oddeven">';
print '<input type="hidden" name="rowid" value="' . $row['rowid'] . '"/>';
print '<td>' . $row['rowid'] . '</td>';
print '<input type="hidden" name="firstname" value="' . $row['firstname'] . '"/>';
print '<input type="hidden" name="lastname" value="' . $row['lastname'] . '"/>';
print '<td>' . $row['firstname'] . ' ' . $row['lastname'] . '</td>';
... and so on ...
print '</tr>';
?>
<input class="butAction" type="submit" name="submit2" value="<?php print $langs->trans('UpdateRecords'); ?>">
</form>
2. Post and insert the data 2. 发布和插入数据
So if I have like 2 or 3 fields, it is no problem to write the appropriate post and method like:因此,如果我有 2 或 3 个字段,编写适当的帖子和方法是没有问题的,例如:
$var1 = $_POST['rowid'];
$var2 = $_POST['firstname'];
$var3 = $_POST['lastname''];
$object->insertData($var1, $var2, $var3);
and和
public function insertData($rowid, $firstname, $lastname)
{
$this->db->begin();
$sql = 'INSERT ';
$sql .= 'INTO tablename (rowid, firstname, lastname) ';
$sql .= 'VALUES (' . $this->db->escape($rowid) . ', ' . $this->db->escape($firstname) . ', ' . $this->db->escape($lastname) . ')';
$resql = $this->db->query($sql);
if ($resql) {
$this->db->commit();
} else {
$this->db->rollback();
print_error($this->db);
return -1;
}
}
But I have like 20 values I have to insert, plus there will be some additional calculations.但是我必须插入 20 个值,此外还会进行一些额外的计算。
So what is the better and fastest way to do this?那么有什么更好和最快的方法来做到这一点呢? As mentioned above, or use a function like:如上所述,或使用 function ,如:
public function __set($name, $value)
{
$this->$name = $value;
}
and assign values in $_POST?并在 $_POST 中赋值?
1 个解决方案
解决方案1
3 已采纳 2021-05-26 12:05:04
You are overcomplicating the design.您使设计过于复杂。 Most importantly, your queries are already vulnerable to SQL injection.最重要的是,您的查询已经容易受到 SQL 注入的攻击。 By overcomplicating this you are only introducing more bugs.通过过度复杂化,您只会引入更多错误。 Keep it simple!把事情简单化!
Create a simple model class, which will have a method to process your POST request.创建一个简单的 model class,它将有一个方法来处理您的 POST 请求。
class UserController
{
public function __construct(private mysqli $db)
{
}
public function processPost()
{
// instead of an array create DTO here
$data = [
'firstname' => filter_input(INPUT_POST, 'firstname') ?: throw new Exception('missing firstname'),
'lastname' => filter_input(INPUT_POST, 'lastname') ?: throw new Exception('missing lastname'),
'gender' => filter_input(INPUT_POST, 'gender') ?: null,
// etc.
];
$userModel = new User($this->db);
$userModel->insert($data);
}
}
class User
{
public function __construct(private mysqli $db)
{
}
public function insert(array $data)
{
$stmt = $this->db->prepare('INSERT INTO users (firstname, lastname, gender) VALUES(?,?,?)');
$stmt->bind_param(str_repeat('s', count($data)), ...$data);
$stmt->execute();
}
}
You can call it from your application the usual way you would call any other controller class.您可以从应用程序中调用它,就像调用任何其他 controller class 一样。
$userController = new UserController($mysqli);
if($_POST) {
$userController->processPost();
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.