发表新帖
发表新帖

How to upgrade from mysql_* to mysqli_*?

前端 未结
关注
2 1060
Happy的楠姐
Happy的楠姐 2020-12-19 10:07

I\'m currently using deprecated code to get data from users, as follows:

/* retrieve */
$lastName = $_POST[\'lastName\']; 
$firstName = $_POST[\'firstName\']
相关标签:
2条回答
  • 暖寄归人
    2020-12-19 10:58

    see this pages for converting mysql into mysqli

    Converting_to_MySQLi

    https://wikis.oracle.com/display/mysql/Converting+to+MySQLi

    and see mysqli_real_escape_string manual that explain about mysqli_real_escape_string and Security problem and how to solve it.

    php.net:

    Security: the default character set

    The character set must be set either at the server level, or with the API function mysqli_set_charset() for it to affect mysqli_real_escape_string(). See the concepts section on character sets for more information.

    see this page for query for insert data

    see this page for prepare data for inserting to mysql

    and http://php.net/manual/de/mysqli.quickstart.prepared-statements.php

    0 讨论(0)
  • 不思量自难忘°
    2020-12-19 11:02

    Convert it to PDO

    /* connect */
$dsn = "mysql:host=localhost;db=test;charset=utf8";
$opt = array(
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC
);
$pdo = new PDO($dsn,"user", "passw", $opt);


/* insert */
$query = "INSERT INTO personal (LastName, FirstName) VALUES  (?, ?)";
$stmt  = $pdo->prepare($query);
$stmt->execute(array($_POST['lastName'],$_POST['firstName']));

$query = "INSERT INTO exam (Level, Centre, BackupCentre, etc) VALUES (?, ?, ?, 'etc')";
$stmt  = $pdo->prepare($query);
$stmt->execute(array($_POST['level'], $centre, $backup));
    0 讨论(0)
 看不清?
提交回复
热议问题