Detailed explanation of preprocessing examples of php mysqli extension
In the previous article MySQL basic knowledge, we talked about the installation and basic operations of MySQL (mainly the query operation of a single SQL statement). Today we introduce a very important part of MySQL: preprocessing.
In mysqli operations, its three main classes are often involved: MySQLi class, MySQL_STMT class, and MySQLi_RESULT class. Preprocessing is mainly done using the MySQL_STMT class.
Preprocessing is an important means of preventing SQL injection and is of great significance to improving website security.
The case of this article is that the database name is test, the data table name is test, the fields include id and title, and the id is an auto-increasing primary key.
<?php
define("HOST", "localhost");define("USER", 'root');define("PWD", '');define("DB", 'test');$mysqli=new Mysqli(HOST,USER,PWD,DB);if ($mysqli->connect_errno) { "Connect Error:".$mysqli->connect_error;
}$mysqli->set_charset('utf8');$id='';$title='title4';//用?代替 变量$sql="INSERT test VALUES (?,?)";//获得$mysqli_stmt对象,一定要记住传$sql,预处理是对sql语句的预处理。$mysqli_stmt=$mysqli->prepare($sql);//第一个参数表明变量类型,有i(int),d(double),s(string),b(blob)$mysqli_stmt->bind_param('is',$id,$title);//执行预处理语句if($mysqli_stmt->execute()){ echo $mysqli_stmt->insert_id;
}else{ echo $mysqli_stmt->error;
}$mysqli->close();Use mysqli preprocessing to prevent sql injection:
$id='4';$title='title4';$sql="SELECT * FROM test WHERE id=? AND title=?";$mysqli_stmt=$mysqli->prepare($sql);$mysqli_stmt->bind_param('is',$id,$title);if ($mysqli_stmt->execute()) { $mysqli_stmt->store_result(); if($mysqli_stmt->num_rows()>0){ echo "验证成功";
}else{ echo "验证失败";
}
} $mysqli_stmt->free_result(); $mysqli_stmt->close();Use mysqli preprocessing to execute query statements:
$sql="SELECT id,title FROM test WHERE id>=?";$mysqli_stmt=$mysqli->prepare($sql);$id=1;$mysqli_stmt->bind_param('i',$id);if($mysqli_stmt->execute()){ $mysqli_stmt->store_result(); //将一个变量绑定到一个prepared语句上用于结果存储 $mysqli_stmt->bind_result($id,$title); while ($mysqli_stmt->fetch()) { echo $id.' :'.$title.'<br/>';
}
}The above is the detailed content of Detailed explanation of preprocessing examples of php mysqli extension. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
1378
52
How to use PHP's SNMP extension?
Jun 02, 2023 am 10:22 AM
The SNMP extension for PHP is an extension that enables PHP to communicate with network devices through the SNMP protocol. Using this extension, you can easily obtain and modify the configuration information of network devices, such as CPU, memory, network interface and other information of routers, switches, etc. You can also perform control operations such as switching device ports. This article will introduce the basic knowledge of the SNMP protocol, how to install the SNMP extension of PHP, and how to use the SNMP extension in PHP to monitor and control network devices. 1. SN
From start to finish: How to use php extension cURL to make HTTP requests
Jul 29, 2023 pm 05:07 PM
From start to finish: How to use php extension cURL for HTTP requests Introduction: In web development, it is often necessary to communicate with third-party APIs or other remote servers. Using cURL to make HTTP requests is a common and powerful way. This article will introduce how to use PHP to extend cURL to perform HTTP requests, and provide some practical code examples. 1. Preparation First, make sure that php has the cURL extension installed. You can execute php-m|grepcurl on the command line to check
Extensions and third-party modules for PHP functions
Apr 13, 2024 pm 02:12 PM
To extend PHP function functionality, you can use extensions and third-party modules. Extensions provide additional functions and classes that can be installed and enabled through the pecl package manager. Third-party modules provide specific functionality and can be installed through the Composer package manager. Practical examples include using extensions to parse complex JSON data and using modules to validate data.
Solution to PHP Fatal error: Call to undefined function mysqli_connect()
Jun 23, 2023 am 09:40 AM
When writing web applications using PHP, a MySQL database is often used to store data. PHP provides a way to interact with the MySQL database called MySQLi. However, sometimes when using MySQLi, you will encounter an error message, as shown below: PHPFatalerror:Calltoundefinedfunctionmysqli_connect() This error message means that PHP cannot find my
How to install mbstring extension under CENTOS7?
Jan 06, 2024 pm 09:59 PM
1.UncaughtError:Calltoundefinedfunctionmb_strlen(); When the above error occurs, it means that we have not installed the mbstring extension; 2. Enter the PHP installation directory cd/temp001/php-7.1.0/ext/mbstring 3. Start phpize(/usr/local/bin /phpize or /usr/local/php7-abel001/bin/phpize) command to install php extension 4../configure--with-php-config=/usr/local/php7-abel
PHP PDO vs. mysqli: compare and contrast
Feb 19, 2024 pm 12:24 PM
PDOPDO is an object-oriented database access abstraction layer that provides a unified interface for PHP, allowing you to use the same code to interact with different databases (such as Mysql, postgresql, oracle). PDO hides the complexity of underlying database connections and simplifies database operations. Advantages and Disadvantages Advantages: Unified interface, supports multiple databases, simplifies database operations, reduces development difficulty, provides prepared statements, improves security, supports transaction processing Disadvantages: performance may be slightly lower than native extensions, relies on external libraries, may increase overhead, demo code uses PDO Connect to mysql database: $db=newPDO("mysql:host=localhost;dbnam
How to use the Aurora Push extension to implement batch message push function in PHP applications
Jul 25, 2023 pm 08:07 PM
How to use the Aurora Push extension to implement batch message push function in PHP applications. In the development of mobile applications, message push is a very important function. Jiguang Push is a commonly used message push service that provides rich functions and interfaces. This article will introduce how to use the Aurora Push extension to implement batch message push functionality in PHP applications. Step 1: Register a Jiguang Push account and obtain an API key. First, we need to register on the Jiguang Push official website (https://www.jiguang.cn/push)
How to use PHP's ZipArchive extension?
Jun 02, 2023 am 08:13 AM
PHP is a popular server-side language that can be used to develop web applications and process files. The ZipArchive extension for PHP is a powerful tool for manipulating zip files in PHP. In this article, we’ll cover how to use PHP’s ZipArchive extension to create, read, and modify zip files. 1. Install the ZipArchive extension. Before using the ZipArchive extension, you need to ensure that the extension has been installed. The installation method is as follows: 1. Install
