PDO两大功能
一、事务功能
PDO的事务功能主要控制好几条sql语句同时成功或者同时失败(当其中一条SQL语句有错误时,同时好几条一起失败),失败时可以回滚操作
1、造对象
|
1
2
3
4
|
<?php$dsn = "mysql:dbname=crud;host=localhost";$pdo = new PDO($dsn,"root","123");?> |
2、设置异常模式
|
1
|
$pdo->setAttribute(PDO::ATTR_ERRMODE,PDO::ERRMODE_EXCEPTION); |
3、开始写事务
|
1
2
3
4
5
6
7
8
9
10
11
12
|
try{ $pdo->beginTransaction();//开启事务 $sql = "insert into nation values('n001','神族')";//数据库中有n001 $sql1 = "insert into nation values('n005','人族')";//一条错误全都失败不添加 $pdo->query($sql); $pdo->query($sql1);}catch(Exception $e){ //抓住出现的错误,并且处理 echo $e->getMessage();//获取异常信息; //回滚到最开始 $pdo->rollBack();} |
主键重复
二、防止SQL注入攻击
1、?占位符:数组必须是索引数组
SQL语句里需要加占位符
|
1
2
3
4
5
6
7
8
|
<?php$dsn = "mysql:dbname=crud;host=localhost";$pdo = new PDO($dsn,"root","123");$sql = "insert into nation values(?,?)";$st = $pdo->prepare($sql);//讲sql语句放到服务器等待执行$attr = array("n005","人族");$st->execute($attr);?> |
2、字符串方式:数组必须是关联数组
|
1
2
3
4
5
6
7
8
|
<?php$dsn = "mysql:dbname=crud;host=localhost";$pdo = new PDO($dsn,"root","123");$sql = "insert into nation values(:code,:name)";$st = $pdo->prepare($sql);//讲sql语句放到服务器等待执行$attr = array("code"=>"n006","name"=>"神族");//关联数组$st->execute($attr);?> |
