Connection methods
// PDO
$pdo = new PDO("mysql:host=localhost;dbname=database", 'username', 'password');

// mysqli, procedural style
$mysqli = mysqli_connect('localhost', 'username', 'password', 'database');

// mysqli, object-oriented style
$mysqli = new mysqli('localhost', 'username', 'password', 'database');

Database support
PDO supports multiple database drivers.
In code:
var_dump(PDO::getAvailableDrivers());
mysqli supports only one database: MySQL.

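$params = array(':username' => 'test', ':email' => $mail, ':last_login' => time() - 3600);

// prepare() returns the statement object; execute() is called on it, not on $pdo
$stmt = $pdo->prepare('
    SELECT * FROM users
    WHERE username = :username
    AND email = :email
    AND last_login > :last_login');
$stmt->execute($params);

The mysqli way:

// bind_param() binds by reference, so every argument must be a variable
$username = 'test';
$last_login = time() - 3600;
$query = $mysqli->prepare('
    SELECT * FROM users
    WHERE username = ?
    AND email = ?
    AND last_login > ?');
$query->bind_param('sss', $username, $mail, $last_login);
$query->execute();

Object mapping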
Suppose we have a class like this:
class User {
    public $id;
    public $first_name;
    public $last_name;

    public function info() {
        return '#'.$this->id.': '.$this->first_name.' '.$this->last_name;
    }
}
Here is how each of the two handles it:
$query = "SELECT id, first_name, last_name FROM users";

// PDO
$result = $pdo->query($query);
$result->setFetchMode(PDO::FETCH_CLASS, 'User');
while ($user = $result->fetch()) {
    echo $user->info()."\n";
}

// mysqli, procedural way
if ($result = mysqli_query($mysqli, $query)) {
    while ($user = mysqli_fetch_object($result, 'User')) {
        echo $user->info()."\n";
    }
}

// mysqli, object-oriented way
if ($result = $mysqli->query($query)) {
    while ($user = $result->fetch_object('User')) {
        echo $user->info()."\n";
    }
}

Security
Both can prevent SQL injection.
Let's look at the code:
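// PDO, "manual" escaping
// quote() is an instance method; it escapes the value and wraps it in quotes
$username = $pdo->quote($_GET['username']);
$pdo->query("SELECT * FROM users WHERE username = $username");

// mysqli, "manual" escaping
// the procedural function needs the connection as its first argument
$username = mysqli_real_escape_string($mysqli, $_GET['username']);
$mysqli->query("SELECT * FROM users WHERE username = '$username'");

Prepared statements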
// PDO, prepared statement
// execute() belongs to the statement returned by prepare()
$stmt = $pdo->prepare('SELECT * FROM users WHERE username = :username');
$stmt->execute(array(':username' => $_GET['username']));

// mysqli, prepared statements
$query = $mysqli->prepare('SELECT * FROM users WHERE username = ?');
$query->bind_param('s', $_GET['username']);
$query->execute();

Summary
I recommend PDO. Its strengths are obvious: it supports multiple databases, and parameter binding is a distinctive feature.
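
The difference between string-built queries and the prepared statements shown in the security section, as an added example that is not code from the original post. It assumes the pdo_sqlite driver so that it runs offline against an in-memory database; the table contents, the sample input and the two helper function names are constructed for illustration.

```php
<?php
// Added example: SQLite in-memory database so it runs offline (assumes pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With the MySQL driver, prepares are emulated client-side by default; to use
// server-side prepares, additionally set:
// $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

// Constructed sample data
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)');
$insert = $pdo->prepare('INSERT INTO users (username) VALUES (:username)');
foreach (["alice", "O'Brien"] as $name) {
    $insert->execute([':username' => $name]);
}

// Unsafe (hypothetical helper): the input is pasted into the SQL text,
// so the database parser treats part of it as SQL syntax.
function lookupConcatenated(PDO $pdo, string $username): string {
    try {
        $sql = "SELECT id FROM users WHERE username = '$username'";
        $rows = $pdo->query($sql)->fetchAll();
        return count($rows) . ' row(s)';
    } catch (PDOException $e) {
        return 'query broke: ' . $e->getMessage();
    }
}

// Safe (hypothetical helper): the SQL text is fixed and the value is
// passed separately as a bound parameter, so it is only ever data.
function lookupPrepared(PDO $pdo, string $username): string {
    $stmt = $pdo->prepare('SELECT id FROM users WHERE username = :username');
    $stmt->execute([':username' => $username]);
    return count($stmt->fetchAll()) . ' row(s)';
}

$input = "O'Brien"; // constructed input containing a quote character
echo 'concatenated: ', lookupConcatenated($pdo, $input), "\n";
echo 'prepared:     ', lookupPrepared($pdo, $input), "\n";
```

The concatenated lookup fails with a syntax error because the quote in the input ends the string literal early, while the prepared lookup finds the row.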
————————————————
Original link: https://blog.csdn.net/dzyweer/article/details/79751174