pdo

Preparing a MySQL INSERT/UPDATE statement with DEFAULT values

感情迁移 提交于 2019-12-28 06:28:15
问题 Quoting MySQL INSERT manual - same goes for UPDATE: Use the keyword DEFAULT to set a column explicitly to its default value. This makes it easier to write INSERT statements that assign values to all but a few columns, because it enables you to avoid writing an incomplete VALUES list that does not include a value for each column in the table. Otherwise, you would have to write out the list of column names corresponding to each value in the VALUES list. So in short if I write INSERT INTO table1

PHP/PDO/MySQL: inserting into MEDIUMBLOB stores bad data

和自甴很熟 提交于 2019-12-28 03:10:33
问题 I have a simple PHP web app that accepts icon images via file upload and stores them in a MEDIUMBLOB column. On my machine (Windows) plus two Linux servers, this works fine. On a third Linux server, the inserted image is corrupted: unreadable after a SELECT, and the length of the column data as reported by the MySQL length() function is about 40% larger than the size of the uploaded file. (Each server connects to a separate instance of MySQL.) Of course, this leads me to think about encoding

Alternative for mysql_num_rows using PDO

孤者浪人 提交于 2019-12-27 14:41:59
问题 Right now I have a PHP file that does a MYSQL query and then counts rows like this: $count=mysql_num_rows($result); if ($count == 1) { $message = array('status' => 'ok'); } else { $message = array('status' => 'error'); } This works fine but I'm trying to change all my PHP files to use PDO. So how can this be done with PDO? 回答1: $res = $DB->query('SELECT COUNT(*) FROM table'); $num_rows = $res->fetchColumn(); or $res = $DB->prepare('SELECT COUNT(*) FROM table'); $res->execute(); $num_rows =

How do I sanitize input with PDO?

ぐ巨炮叔叔 提交于 2019-12-27 14:41:40
问题 Do I need to use mysql_real_escape_string() on my input (such as $_POST and $_GET ) when I use the PDO library? How do I properly escape user input with PDO? 回答1: If you use PDO you can parametize your queries, removing the need to escape any included variables. See here for a great introductory tutorial for PDO. Using PDO you can seperate the SQL and passed parameters using prepared statements, this removes the need to escape strings, as because the two are held seperately then combined at

Alternative for mysql_num_rows using PDO

我是研究僧i 提交于 2019-12-27 14:39:29
问题 Right now I have a PHP file that does a MYSQL query and then counts rows like this: $count=mysql_num_rows($result); if ($count == 1) { $message = array('status' => 'ok'); } else { $message = array('status' => 'error'); } This works fine but I'm trying to change all my PHP files to use PDO. So how can this be done with PDO? 回答1: $res = $DB->query('SELECT COUNT(*) FROM table'); $num_rows = $res->fetchColumn(); or $res = $DB->prepare('SELECT COUNT(*) FROM table'); $res->execute(); $num_rows =

How do I sanitize input with PDO?

感情迁移 提交于 2019-12-27 14:38:45
问题 Do I need to use mysql_real_escape_string() on my input (such as $_POST and $_GET ) when I use the PDO library? How do I properly escape user input with PDO? 回答1: If you use PDO you can parametize your queries, removing the need to escape any included variables. See here for a great introductory tutorial for PDO. Using PDO you can seperate the SQL and passed parameters using prepared statements, this removes the need to escape strings, as because the two are held seperately then combined at

PHP中PDO的错误处理

白昼怎懂夜的黑 提交于 2019-12-27 13:46:01
http://www.phpq.net/tutorial/php-pdo-error.html -------------------------------------------------- 在使用PDO进行那个PHP和数据库开发过程中,如果程序中碰到错误咋办?我们这里描述PDO类的错误信息和异常处理。 面向对象的方式 先看看如果连接错误等的处理,PHP中PDO的错误处理,使用面向对象的方式来处理: <?php try {  $db = new PDO('mysql:host=localhost;dbname=test', $user, $pass);  $db = null; } catch (PDOException $e) {  print "Error: " . $e->getMessage() . "<br/>";  die(); } ?> 这里利用我们PHP 5面向对象的异常处理特征,如果里面有异常的话就初始化调用PDOException来初始化一个异常类。 PDOException异常类的属性结构: <?php class PDOException extends Exception {  public $errorInfo = null; // 错误信息,可以调用 PDO::errorInfo() 或 PDOStatement::errorInfo()来访问

PHP PDO returning single row

烈酒焚心 提交于 2019-12-27 12:13:49
问题 UPDATE 2: So is this the most optimized it can get? $DBH = new PDO( "connection string goes here" ); $STH = $DBH -> prepare( "select figure from table1" ); $STH -> execute(); $result = $STH -> fetch(); echo $result ["figure"]; $DBH = null; UPDATE 1: I know I can add limit to the sql query, but I also want to get rid of the foreach loop, which I should not need. ORIGINAL QUESTION: I have the following script which is good IMO for returning many rows from the database because of the "foreach"

PDO's query vs execute

…衆ロ難τιáo~ 提交于 2019-12-27 11:02:42
问题 Are they both do the same thing, only differently? Is there any difference besides using prepare between $sth = $db->query("SELECT * FROM table"); $result = $sth->fetchAll(); and $sth = $db->prepare("SELECT * FROM table"); $sth->execute(); $result = $sth->fetchAll(); ? 回答1: query runs a standard SQL statement and requires you to properly escape all data to avoid SQL Injections and other issues. execute runs a prepared statement which allows you to bind parameters to avoid the need to escape

Can I improve my PDO method (just started)

馋奶兔 提交于 2019-12-26 15:07:55
问题 I just switched to PDO from mySQLi (from mySQL) and it's so far good and easy, especially regarding prepared statements This is what I have for a select with prepared statement Main DB file (included in all pages): class DBi { public static $conn; // this I need to make the connection "global" } try { DBi::$conn = new PDO("mysql:host=$dbhost;dbname=$dbname;charset=utf8", $dbuname, $dbpass); DBi::$conn->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC); DBi::$conn->setAttribute(PDO:
订阅 pdo