What is PDO & why should I use it?
People keep on mentioning that I should be using PDO in my PHP when dealing with MySQL, I have never heard of this before.
What is PDO? How is it used and what are the pros and cons?
Thanks,
Recommended answer
Consider PDO as a built-in class that comes packaged with PHP to make it much easier for you to interact with your database. While developing a PHP application you need to take care of lots of things, like establishing a connection, creating a query, fetching the result, converting the resource into an array, and escaping MySQL injection using mysql_real_escape_string(). Now that is a lot of things to be taken care of. Last but not least, consider a situation where you want to jump from mysql to mysqli or MSSQL: for that you need to go through each and every function and change every line of code to suit the need. PDO eradicates all these problems by providing one centralized class.
Look at the code below for the details.
To establish a connection to MySQL using PDO:
$dbh = new PDO('mysql:host='.HOST.';dbname='.DATABASE,USERNAME,PASSWORD);
That's it, the connection is established and you can reuse $dbh for performing queries. For example, to fetch the result from a table user you just need two lines of code.
$sth = $dbh->query('SELECT id,name,email FROM users');
$user = $sth->fetch(PDO::FETCH_ASSOC);
Now $user will have all the values fetched as an associative array.
To insert a value into the database you need to do the following.
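$sth = $dbh->prepare('INSERT INTO users(name,email) VALUES(:name, :email)');
// bindValue() binds a literal value; bindParam() takes a variable by reference
// and fails when given a string literal.
$sth->bindValue(':name', 'My Name');
$sth->bindValue(':email', 'email@email.com');
$sth->execute();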
The above code is using named placeholders; this way PDO will keep you safe from many vulnerabilities as it will keep you away from MySQL injection. To get you started, have a look at this tutorial by Nettuts; they have explained it very nicely. This article will explain all your dilemmas regarding PDO.
http://net.tutsplus.com/tutorials/php/why-you-should-be-using-phps-pdo-for-database-access/
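The difference between building a query by string concatenation and using the named placeholders described in the answer above, as an added example (not code from the original answer). It assumes the pdo_sqlite extension and uses an in-memory SQLite database with constructed rows so it runs without a MySQL server; the function names findUnsafe and findSafe are hypothetical.

```php
<?php
// Added example with constructed data. In-memory SQLite keeps it offline
// (assumes pdo_sqlite is enabled); for MySQL only the DSN string changes.
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // throw on SQL errors

$dbh->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');
$insert = $dbh->prepare('INSERT INTO users(name, email) VALUES(:name, :email)');
foreach ([['Alice', 'alice@example.test'], ['Bob', 'bob@example.test']] as [$name, $email]) {
    $insert->execute([':name' => $name, ':email' => $email]);
}

// Constructed hostile input, as it might arrive from a form field.
$input = "nobody@example.test' OR '1'='1";

// UNSAFE (hypothetical helper): the input is spliced into the SQL text, so its
// quote ends the string literal and the remainder is parsed as SQL. The WHERE
// clause becomes always true and every row is returned.
function findUnsafe(PDO $dbh, string $email): array
{
    $sql = "SELECT id, name, email FROM users WHERE email = '$email'";
    return $dbh->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// SAFE (hypothetical helper): the SQL text is fixed; the input travels
// separately as a bound value and is only ever compared as data.
function findSafe(PDO $dbh, string $email): array
{
    $sth = $dbh->prepare('SELECT id, name, email FROM users WHERE email = :email');
    $sth->bindValue(':email', $email, PDO::PARAM_STR);
    $sth->execute();
    return $sth->fetchAll(PDO::FETCH_ASSOC);
}

printf("unsafe query, hostile input:   %d rows\n", count(findUnsafe($dbh, $input)));
printf("prepared query, hostile input: %d rows\n", count(findSafe($dbh, $input)));
printf("prepared query, real address:  %d rows\n", count(findSafe($dbh, 'bob@example.test')));
```

With the MySQL driver, PDO emulates prepared statements by default; setting PDO::ATTR_EMULATE_PREPARES to false makes it send them to the server as real prepared statements.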