PHP连接mysql数据库:
<?php
$server = "localhost";
$user = "root";
$pwd = "123456";
$db = "student";
try{
$conn = new PDO("mysql:host=$server;dbname=$db", $user, $pwd);
echo "连接成功";
} catch (PDOException $e){
echo $e->getMessage();
}
PHP创建mysql数据库:
<?php
$server = "localhost";
$user = "root";
$pwd = "123456";
$db = "student";
try{
$conn = new PDO("mysql:host=$server;dbname=$db", $user, $pwd);
// 设置 PDO 错误模式为异常 ,用于抛出异常
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$sql = "create database mydb";
$conn->exec($sql);
echo "数据库创建成功<br>";
}catch (PDOException $e){
echo $sql . "<br>" . $e->getMessage();
}
//关闭连接
$conn = null;
PHP创建mysql数据表:
<?php
$server = "localhost";
$user = "root";
$pwd = "123456";
$db = "mydb";
try{
$conn = new PDO("mysql:host=$server;dbname=$db", $user, $pwd);
$conn -> setAttribute(PDO::ATTR_ERRMODE,PDO::ERRMODE_EXCEPTION);
$sql = "create table myfriend(
id INT(6) UNSIGNED AUTO_INCREMENT PRIMARY KEY,
name VARCHAR(30) NOT NULL ,
email VARCHAR(50),
sex CHAR(1)
)";
$conn->exec($sql);
echo "数据表创建成功";
}catch (PDOException $e){
echo $sql . "<br>" . $e->getMessage();
}
$conn = null;
PHP插入记录:
<?php
$server = "localhost";
$user = "root";
$pwd = "123456";
$db = "mydb";
try{
$conn = new PDO("mysql:host=$server;dbname=$db", $user, $pwd);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$sql = "insert into myfriend values (1, '吴俊杰', '1132431868@qq.com', '男')";
$conn->exec($sql);
echo "数据插入成功";
}catch (PDOException $e){
echo $sql . "<br>" . $e->getMessage();
}
$conn = null;
PHP插入多条记录:
<?php
$server = "localhost";
$user = "root";
$pwd = "123456";
$db = "mydb";
try{
$conn = new PDO("mysql:host=$server;dbname=$db", $user, $pwd);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
//开始事务
$conn->beginTransaction();
//sql语句
$conn->exec("insert into myfriend values (3,'吴俊杰','1132431868@gmail.com','男')");
$conn->exec("insert into myfriend values (4,'john','1132431868@gmail.com','男')");
$conn->exec("insert into myfriend values (5,'jack','jack1132431868@gmail.com','男')");
//提交事务
$conn->commit();
echo "多条记录提交成功";
}catch (PDOException $e){
//如果插入失败则回滚事务
$conn->rollBack();
echo $e->getMessage();
}
$conn = null;
MySQL 预处理语句:
预处理语句用于执行多个相同的 SQL 语句,并且执行效率更高。
预处理语句的工作原理如下:
-
预处理:创建 SQL 语句模板并发送到数据库。预留的值使用参数 "?" 标记 。例如:
INSERT INTO MyGuests(firstname, lastname, email) VALUES(?,?,?) -
数据库解析,编译,对SQL语句模板执行查询优化,并存储结果不输出。
-
执行:最后,将应用绑定的值传递给参数("?" 标记),数据库执行语句。应用可以多次执行语句,如果参数的值不一样。
相比于直接执行SQL语句,预处理语句有两个主要优点:
-
预处理语句大大减少了分析时间,只做了一次查询(虽然语句多次执行)。
-
绑定参数减少了服务器带宽,你只需要发送查询的参数,而不是整个语句。
-
预处理语句针对SQL注入是非常有用的,因为参数值发送后使用不同的协议,保证了数据的合法性。
<?php
$server = "localhost";
$user = "root";
$pwd = "123456";
$db = "mydb";
try{
$conn = new PDO("mysql:host=$server;dbname=$db", $user, $pwd);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
//预处理sql并绑定参数
$stmt = $conn->prepare("insert into myfriend VALUES (:id, :name, :email, :sex)");
$stmt->bindParam(':id',$id);
$stmt->bindParam(':name',$name);
$stmt->bindParam(':email',$email);
$stmt->bindParam(':sex',$sex);
//填充数据,可以一次填充多条记录
$id = 6;
$name = "ting";
$email = '113243186@163.com';
$sex = "女";
$stmt->execute();
echo "预处理动作完成";
}catch (PDOException $e){
echo $e->getMessage();
}
$conn = null;