php pdo数据库类mysql操作示例

发布时间:2020-06-18编辑:脚本学堂
有关php pdo类连接mysql数据库、防止sql注入的一例代码,php pdo所有操作封装到一个类中,一起学习下。

php pdo类代码:
 

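/**
 * Thin wrapper around a single PDO connection to MySQL.
 *
 * Every statement passed to query() is prepared, so values supplied through
 * the parameter array never become part of the SQL text. That protection
 * only covers bound values: the SQL string itself must be written by the
 * developer, never assembled from request data.
 */
class DB {
    // PDO handle; left public so callers can drive transactions on it directly.
    public $con = NULL;

    /**
     * Open the connection.
     *
     * The original constructor was named DB(); PHP 8 no longer treats a method
     * named after its class as a constructor, which would leave $con NULL.
     *
     * NOTE(review): the defaults below are the tutorial's hard-coded root
     * credentials. Real deployments should pass a least-privileged account
     * loaded from configuration kept outside the web root.
     *
     * @param string $dsn      PDO DSN; it should carry the connection charset.
     * @param string $user     Database user name.
     * @param string $password Database password.
     * @throws PDOException if the connection cannot be established.
     */
    function __construct($dsn = "mysql:host=127.0.0.1;dbname=dbtest;charset=utf8", $user = "root", $password = "xxx")
    {
        $this->con = new PDO($dsn, $user, $password, array(
            PDO::ATTR_PERSISTENT => TRUE,
            // Raise exceptions from the first call on, including prepare().
            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
            // Let the server bind parameters instead of having the driver
            // splice escaped values into the SQL text.
            PDO::ATTR_EMULATE_PREPARES => FALSE,
        ));

        // Result column names are returned in upper case.
        $this->con->setAttribute(PDO::ATTR_CASE, PDO::CASE_UPPER);
    }

    /**
     * Prepare and execute one statement.
     *
     * @param string     $sql  Statement text with ? or :name placeholders.
     * @param array|null $para Values for the placeholders, or NULL for none.
     * @return mixed All rows for SELECT, the last insert id for INSERT,
     *               otherwise the number of affected rows.
     * @throws PDOException on any database error.
     */
    public function query($sql, $para = NULL)
    {
        // Trim first: leading whitespace or a newline would otherwise hide
        // the verb and send a SELECT down the rowCount() path.
        $sqlType = strtoupper(substr(ltrim($sql), 0, 6));

        $cmd = $this->con->prepare($sql);
        if (empty($para)) {
            $cmd->execute();
        } else {
            $cmd->execute($para);
        }

        if ($sqlType == "SELECT") {
            return $cmd->fetchAll();
        }

        if ($sqlType == "INSERT") {
            return $this->con->lastInsertId();
        }

        return $cmd->rowCount();
    }
}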

使用方法:
 

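// Load the DB wrapper class. require_once stops the script if the file is
// missing and avoids redeclaring the class on a second include.
require_once "pdo.php";

$db = new DB();

// SELECT: query() returns every row of the result set.
$subjectList = $db->query("SELECT * FROM `table1`");
// UPDATE: the id travels as a bound parameter, not as part of the SQL text.
$count = $db->query("UPDATE `table1` SET `name` = 'test' WHERE `id` = :id", array(':id' => 795));

try
{
    echo $db->con->beginTransaction();
    // exec() cannot bind parameters, so it is only appropriate for constant
    // SQL like the statements below. Anything that carries request data
    // belongs in $db->query() with placeholders.
    $count = $db->con->exec("UPDATE `table1` SET `name` = 'test1' WHERE `id` = 795");
    $count = $db->con->exec("UPDATE `table1` SET `name1` = 'test22' WHERE `id` = 795");
    $count = $db->con->exec("UPDATE `table1` SET `name1` = 'test333' WHERE `id` = 795");
    echo $db->con->commit();
}
catch (Exception $e)
{
    // MySQL table engines: InnoDB supports transactions, MyISAM does not.
    // Roll back only if a transaction is open; when beginTransaction() itself
    // failed, rollBack() would throw and mask the original error.
    if ($db->con->inTransaction())
    {
        echo $db->con->rollBack();
    }
    // NOTE(review): MyException is not defined in this listing; it is assumed
    // to exist elsewhere and to accept (message, previous exception).
    throw new MyException("事务测试错误", $e);
}

$db = NULL;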

pdo支持sql语句以参数方式调用,可有效地防止sql注入。前提是所有外部输入都通过占位符绑定传入,而不是拼接进sql字符串;表名、列名等标识符无法用占位符绑定,需要用白名单校验。
php pdo简单使用(query(),exec(),prepare(),transaction,行锁)。

代码:
 


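<html>
<body>
<?php
/**
 * Print a value in var_dump() format, HTML-escaped.
 *
 * Rows read from the database may contain markup supplied by users, so the
 * dump is escaped before it is written into the page.
 */
function dumpEscaped($value)
{
    ob_start();
    var_dump($value);
    echo '<pre>' . htmlspecialchars(ob_get_clean(), ENT_QUOTES, 'UTF-8') . '</pre>';
}

# Database connection
# NOTE(review): hard-coded root credentials. Load them from configuration kept
# outside the web root and connect with a least-privileged account.
$dbtype = 'mysql';
$host = 'localhost';
$db = 'test';
$user = 'root';
$psw = 'china0913';

$dsn = $dbtype . ':host=' . $host . ';' . 'dbname=' . $db;

try {
    $dbh = new PDO($dsn, $user, $psw, array(
        PDO::ATTR_PERSISTENT => true,
        // Throw on every error from the start. Without this, older PHP
        // versions return false from query() and the next call fails.
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        // Bind parameters on the server rather than in the driver.
        PDO::ATTR_EMULATE_PREPARES => false,
    ));
    echo '连接成功<br>';
} catch(Exception $e) {
    // Driver messages can reveal host and account names: keep the detail in
    // the server log and show the visitor a generic message.
    error_log('Connect Failed Message: ' . $e->getMessage());
    die('Connect Failed');
}

# Query with query()
$sql = 'SELECT * FROM user';
$query = $dbh->query($sql);
$query->setFetchMode(PDO::FETCH_ASSOC); // associative arrays only, no numeric indexes
$rs = $query->fetchAll();
// NOTE(review): SELECT * also returns userPassword; select only the columns
// that are meant to be displayed.
dumpEscaped($rs);

# Use exec() for INSERT, UPDATE and DELETE; it returns the number of affected rows
// Inserts one user row whose userName is the largest userId plus one.
// The statement is double-quoted because it contains a single-quoted SQL
// literal; nesting single quotes here was a PHP parse error.
// NOTE(review): '123456' is stored as a plaintext password. Real code should
// store the output of password_hash() and bind it as a parameter.
$sql = "INSERT INTO user (`userName`, `userPassword`, `userAge`) SELECT (MAX(userId) + 1), '123456', 18 FROM user";
// $rs = $dbh->exec($sql);
// var_dump($rs) . '<br>';

# CRUD with a prepared statement
$sql = 'SELECT * FROM user WHERE userId = ?';
$stmt = $dbh->prepare($sql);
$stmt->bindParam(1, $userId); // binds by reference; the value is read at execute()
$userId = 1;

$stmt->execute();
$stmt->setFetchMode(PDO::FETCH_ASSOC);
$rs = $stmt->fetchAll();
dumpEscaped($rs);

# Transaction
try {
    $dbh->beginTransaction();
    // FOR UPDATE takes a row lock: while one buyer's transaction is open, a
    // second buyer's SELECT ... FOR UPDATE on the same book waits, so two
    // people cannot both buy the last copy.
    $sql1 = 'SELECT bookNum FROM book WHERE bookId = ? FOR UPDATE';
    $sql2 = 'UPDATE book SET bookNum=bookNum-1 WHERE bookId = ?';
    $stmt1 = $dbh->prepare($sql1);
    $stmt2 = $dbh->prepare($sql2);
    $bookId = 1;
    $stmt1->bindValue(1, $bookId, PDO::PARAM_INT);
    $stmt2->bindValue(1, $bookId, PDO::PARAM_INT);
    $stmt1->execute();
    // Use the locked value: without this check the stock is decremented
    // unconditionally and can go negative.
    $bookNum = $stmt1->fetchColumn();
    $stmt1->closeCursor();
    if ($bookNum === false || (int) $bookNum < 1) {
        throw new RuntimeException('Book is out of stock or does not exist');
    }
    $stmt2->execute();
    $dbh->commit();
} catch(Exception $e) {
    // Roll back only when a transaction is actually open.
    if ($dbh->inTransaction()) {
        $dbh->rollBack();
    }
    error_log('Transaction Error Message: ' . $e->getMessage());
    die('Transaction Error');
}
?>
</body>
</html>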