
How to convert multiple queries from mssql_* to PDO mysql

I have a little PHP code for a daily audit transaction. I made it simple to get the point.

$result = mssql_query("BEGIN TRAN");    
$result = mssql_query("insert into items_history (select * from items)");   //move transaction to history
$result = mssql_query("delete from items");                                     //clear transaction table for new month transaction
$result = mssql_query(                                                          //get the data for used in another script 
            "select items_history.item_id,
                items_history.item_name,
                group_items.group_name 
            from 
                items_history,group_items 
            where group_items.id=items_history.id and 
                day(items_history.date_trans)=day(items_history.date_trans)-1 "                     // with where included
            );
$result = mssql_query("update trans_control set current_day=current_day+1"  );  //update the system date to next day

if (!$result) {
     mssql_query("ROLLBACK TRAN");
    } else {
     mssql_query("COMMIT TRAN");
    }
mssql_close();

For some reason, this database needs to be stored online with a MySQL database. Offline, I am not much worried about security with this code. But online, it makes me think a lot about security. And now I want to convert this script to PDO MySQL. The goal is simple, with more security:

$result = q("BEGIN");   
$result = q("qry1");
$result = q("qry2");
$result = q("qry3");// select with many join table and some parameter data in where like 'string','int', 'date', and maybe with "Union All" in select
$result = q("qry...");

if (!$result) {
     q("ROLLBACK");
    } else {
     q("COMMIT");
    }

If another question has the same problem as this, I am glad to start with that, especially a simple wrapper, so I can learn how it works. Thank you in advance.

The security should be no problem as long as you use bound parameters, see www.php.net/manual/en/pdostatement.bindparam.php and http://www.php.net/manual/en/pdostatement.bindvalue.php

And for your transactions you can emulate the same thing by using these methods:

http://www.php.net/manual/en/pdo.begintransaction.php instead of your BEGIN TRAN query, http://www.php.net/manual/en/pdo.commit.php instead of COMMIT, http://www.php.net/manual/en/pdo.rollback.php instead of ROLLBACK

But if the queries are exactly the ones from your first code sample, I don't see any external parameters that could cause security issues.
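The pieces named in the answer (bound parameters plus beginTransaction/commit/rollBack) combined into one runnable sketch. This is an added example, not code from the question or the answer. The wrapper q(), the function closeDay(), the reduced table layout, the sample rows and the in-memory SQLite DSN are assumptions chosen so the script runs offline.

```php
<?php
declare(strict_types=1);

// Assumption: in-memory SQLite so the example runs without a server. For MySQL use a
// DSN like 'mysql:host=...;dbname=...;charset=utf8mb4' and PDO::ATTR_EMULATE_PREPARES => false.
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION, // failures throw instead of returning false
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
]);

// Hypothetical wrapper shaped like the q() in the question: SQL text and data travel separately.
function q(PDO $pdo, string $sql, array $params = []): PDOStatement
{
    $stmt = $pdo->prepare($sql);
    foreach ($params as $name => $value) {
        $stmt->bindValue($name, $value, is_int($value) ? PDO::PARAM_INT : PDO::PARAM_STR);
    }
    $stmt->execute();
    return $stmt;
}

// Constructed schema and rows, reduced from the tables named in the question.
$pdo->exec('CREATE TABLE items (item_id INTEGER, item_name TEXT, date_trans TEXT)');
$pdo->exec('CREATE TABLE items_history (item_id INTEGER, item_name TEXT, date_trans TEXT)');
$pdo->exec('CREATE TABLE trans_control (current_day INTEGER)');
$pdo->exec("INSERT INTO items VALUES (1, 'pen', '2024-01-30'), (2, 'ink', '2024-01-31')");
$pdo->exec('INSERT INTO trans_control VALUES (30)');

function closeDay(PDO $pdo, string $day): array
{
    $pdo->beginTransaction();
    try {
        q($pdo, 'INSERT INTO items_history SELECT * FROM items');
        q($pdo, 'DELETE FROM items');
        $rows = q($pdo, 'SELECT item_id, item_name FROM items_history WHERE date_trans = :day',
                  [':day' => $day])->fetchAll();
        q($pdo, 'UPDATE trans_control SET current_day = current_day + 1');
        $pdo->commit();
        return $rows;
    } catch (Throwable $e) {
        $pdo->rollBack(); // any failed step undoes all of them, not only the last one
        throw $e;
    }
}

// The first value looks like an injection attempt; it is bound as data and matches no row.
$injected = closeDay($pdo, "2024-01-30' OR '1'='1");
$normal   = closeDay($pdo, '2024-01-30');
var_dump($injected, $normal);
```

On MySQL the rollback only takes effect for transactional storage engines such as InnoDB; MyISAM tables keep the changes already written.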
