PHP mysqli学习(五)预处理

预处理可以处理不同参数的同一条SQL,并且有效地防止SQL注入问题。

核心方法

$mysqli_stmt = mysqli->prepare($sql); // 预处理,返回statement对象

$mysqli_stmt->bind_param(); // 绑定参数, 类型对应关系如下:

  i : Integer

    s : String

  d : double

  b : blob

$mysqli_stmt->excute(); // 执行sql

 

<?php
$mysqli = @new mysqli("localhost:3306", "root", "root", "zhy");
if ($mysqli->connect_errno) {
    die("MYSQL CONNECT ERROR:" . $mysqli->connect_error);
}
$mysqli->set_charset('utf8');

$sql = 'INSERT INTO user (name, age, description) VALUES (?,?,?)';

$mysqli_stmt = $mysqli->prepare($sql);
//print_r($mysqli_stmt);

for ($i = 0; $i < 5; $i++) {
    $name = 'prepare' . $i;
    $age = 25 + $i;
    $description = 'description' . $i;
    $mysqli_stmt->bind_param('sis', $name, $age, $description);
    if ($mysqli_stmt->execute()) {
        echo $mysqli_stmt->insert_id;
        echo '<br/>';
    } else {
        echo $mysqli_stmt->error;
    }
}

$mysqli_stmt->close();

$mysqli->close();
 

 

posted @ 2016-05-07 16:03  皎如飞镜临丹阙  阅读(296)  评论(0编辑  收藏  举报