php学习之6——Mysql绑定变量,绑定结果
<?php
//连接数据库参数
$host="";
$user="";
$pass="";
$db="";
//建立连接
$connection=mysql_connect($host,$user,$pass) or die("unable to connect!");
mysql_select_db($db) or die("unable to select db!");//选择数据库
mysql_set_charset('utf8',$connection);
$query="";//sql语句
//执行sql语句
$resutl=mysql_query($query) or die ("Error in query :$query.".mysql_error());
//显示返回的记录
if(mysql_num_rows($result)>0){
while($row=mysql_fetch_row($result)){
//mysql_fetch_array()--->row[0] or $row['id'] ,mysql_fetch_assoc()-->$row['name'],mysql_fetch_object()--$row->id
echo $row[0];
echo $row[1];
echo $row[2];
}
}else{
echo "没有相关记录";
}
//释放记录所占内存
mysql_free_result($result);
//关闭数据库连接
mysql_close($connection);
list()方法
$sql="select id,title,thumb,url from `v9_news` where catid=9 ";
$result = mysqli_query($db_conn,$sql) or die("Err in query 3:".$sql.mysqli_error());;
while (list($id, $title, $thumb,$url) = mysqli_fetch_row($result)) {
echo " <tr>\n".
" <td><a href=\"info.php?id=$id\">$title</a></td>\n".
" <td>$thumb----$url</td>\n".
" </tr>\n";
}
list(), each(),reset(),current(),next(),end(),prev()
each()返回 array 数组中当前指针位置的键/值对并向前移动数组指针。键值对被返回为四个单元的数组,键名为 0,1,key 和 value。单元 0 和 key 包含有数组单元的键名,1 和 value 包含有数据。
<?php
$array = array('step one', 'step two', 'step three', 'step four');
// by default, the pointer is on the first element
echo current($array) . "<br />\n"; // "step one"
// skip two steps
next($array);
next($array);
echo current($array) . "<br />\n"; // "step three"
// reset pointer, start again on step one
reset($array);
echo current($array) . "<br />\n"; // "step one"
?>
//die() 和 exit(0)
?>
<?php
//一般处理方法
$db_host="localhost";
$db_user="root";
$db_pass="";
$db_name="feng";
$db_conn= mysqli_connect($db_host,$db_user,$db_pass,$db_name) or die ("dblink is bad !");
//mysqli_select_db($db_name) or die("unable to select db !");
$db_sql="select * from `newtable`";
$db_result=mysqli_query($db_conn,$db_sql) or die("Err in query:".mysqli_error());
if (mysqli_num_rows($db_result)>0)
{
echo "begin";
while($row=mysqli_fetch_row($db_result))
{
echo $row[0];
echo $row[1];
echo $row[3];
}
echo "end";
}
else
{
echo "no recoder";
}
mysqli_free_result($db_result);//释放结果集
mysqli_close($db_conn);//释放连接
//使用绑定方法,出来提交数据,杜绝sql注入
$mysqli=new mysqli($db_host,$db_user,$db_pass,$db_name);
if (mysqli_connect_errno())
{
printf("dblink is bad ! %s/n",mysqli_connect_error());
exit();
}
$db_sql2="select id ,uid,regdate from `newtable` where id=?";
$stmt=$mysqli->prepare($db_sql2);//预处理
$stmt->bind_param("i",$id);//绑定变量,限定变量格式【i 数值 ,s字符,d浮点型,b blobs型 】
if (!get_magic_quotes_gpc()) {
$id = addslashes($id=$_GET["id"]);//处理单引号问题
//$id = mysql_real_escape_string ($_GET["id"]);
/*addslashes的问题在于黑客可以用0xbf27来代替单引号,用于单字节字符串的处理
mysql_real_escape_string 必须在(PHP 4 >= 4.3.0 PHP 5)的情况下才能使用。否则只能用 mysql_escape_string ,两者的区别是:
mysql_real_escape_string 考虑到连接的当前字符集,而mysql_escape_string 不考虑。
*/
} else {
$id=$_GET["id"];
}
//$id=$_GET["id"];
$stmt->execute();
$stmt->bind_result($col1,$col2,$col3);//绑定结果
while($stmt->fetch())
{
echo $col1."<br>";
echo $col2;
echo $col3;
}
echo $db_sql2;
$stmt->close();
$mysqli->close();
?>