刚转学 PHP,请大家帮我写段数据库查询类的代码
$this->dbh = new PDO($dsn, $user, $pass); 你的 my_query 看上去没错,把注释掉的那几行打开,先试试看。
终于搞定了,看了网上众多代码,测试失败了无数次,结果是弄出来了:插入、删除、更新的通用类。请大神指点下这样做有没有什么弊端,会不会影响性能等。下一步研究下参数化查询,据说可以防止 SQL 注入。conn.php 内容:<?php//数据库操作类class my_sql{public $user='root'; //数据库连接用户名public $pass='123456'; //对应的密码public $dsn='mysql:host=localhost;dbname=lif2';//查询数据库返回结果public function sql_select($sql){ try { $dbh = new PDO($this->dsn, $this->user,$this->pass); $dbh->query("SET NAMES UTF8"); return $dbh->query($sql); $dbh=null; } catch(Exception $e) { echo 'error: '.$e->getMessage(); }}//操作单条数据(更新/删除/插入),无返回结果public function sql_one($sql){ try { $dbh = new PDO($this->dsn, $this->user,$this->pass); $dbh->exec("SET NAMES UTF8"); $dbh->exec($sql); $dbh=null; } catch(Exception $e) { echo 'error: '.$e->getMessage(); }}//操作多条数据(更新/删除),无返回结果public function sql_more($sql,$str){ try { $dbh = new PDO($this->dsn, $this->user,$this->pass); $dbh->exec("SET NAMES UTF8"); foreach($str as $arrs) { $dbh->exec($sql.$arrs); } $dbh=null; } catch(Exception $e) { echo 'error: '.$e->getMessage(); } }}?>页面调用函数:include 'conn.php';$mysql = new my_sql;//操作单挑数据$mysql->sql_one("DELETE FROM `user_type` WHERE `user_id` = ".$_REQUEST['id']."");//读取内容$aa=$mysql->sql_select('SELECT * FROM user_type order by user_id'); foreach ($aa as $row) {//输出内容echo '<tr>';echo '<td>'.$row['user_id'].'</td><td>'.$row['user_name'].'</td><td>'.$row['user_real_name'].'</td><td>'.$row['user_sex'].'</td><td>'.$row['user_tel'].'</td><td>'.$row['user_qq'].'</td><td>'.$row['user_address'].'</td><td>'.$row['user_email'].'</td><td><a href="?action=del&id='.$row['user_id'].'" title="删除">删除</a></td><td><input name="delAll[]" class="c" type="checkbox" value="'.$row['user_id'].'" /></td>';echo '</tr>';}//操作多条数据$id=$_POST['delAll'];if(isset($id)){$mysql->sql_more("DELETE FROM `user_type` WHERE `user_id` = ",$id);}上面的操作方法和思路还是沿袭了 ASP.NET 开发的习惯,不知道在 PHP 开发中是否适用,望大神指点一下。
你现在这种写法不能防注入;要防注入,需要用 PDO::prepare 做参数化查询:<?php/* Execute a prepared statement by passing an array of values */$sth = $dbh->prepare('SELECT name, colour, calories FROM fruit WHERE calories < ? AND colour = ?');$sth->execute(array(150, 'red'));$red = $sth->fetchAll();$sth->execute(array(175, 'yellow'));$yellow = $sth->fetchAll();?>
<?php
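/**
 * Small database helper: every call opens its own PDO connection, runs the
 * given SQL and lets the connection go out of scope afterwards.
 *
 * Values that come from a request should be passed as bound parameters
 * (the optional $params argument, or the $str list of sql_more) instead of
 * being concatenated into the SQL text.
 */
class my_sql
{
    // NOTE(review): the credentials are hard-coded, the account is root and the
    // password is weak. Prefer a least-privilege account whose credentials are
    // loaded from configuration kept outside the web root. The values are left
    // unchanged here so existing callers keep working.
    public $user = 'root'; // database user name
    public $pass = '123456'; // password for that user
    public $dsn = 'mysql:host=localhost;dbname=lif2'; // PDO data source name

    /**
     * Open a connection with exceptions enabled and native prepared statements.
     *
     * @return PDO
     * @throws PDOException when the connection cannot be established
     */
    private function connect()
    {
        $dbh = new PDO($this->dsn, $this->user, $this->pass, array(
            // Without this, failed statements on older PHP versions return false
            // silently and the catch blocks below never see them.
            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
            // Send parameters separately from the SQL text.
            PDO::ATTR_EMULATE_PREPARES => false,
        ));
        $dbh->exec("SET NAMES UTF8");
        return $dbh;
    }

    /**
     * Record the failure server-side and show only a generic message, so that
     * driver messages (table names, SQL fragments, host details) are not sent
     * to the browser.
     *
     * @param Exception $e
     */
    private function fail(Exception $e)
    {
        error_log('my_sql: ' . $e->getMessage());
        echo 'error: database operation failed';
    }

    /**
     * Run a query and return its result set.
     *
     * @param string $sql    SQL text; use ? or :name placeholders for values
     * @param array  $params values for the placeholders (optional)
     * @return PDOStatement|null the statement to iterate, or null on failure
     */
    public function sql_select($sql, array $params = array())
    {
        try {
            $dbh = $this->connect();
            if (!$params) {
                return $dbh->query($sql);
            }
            $sth = $dbh->prepare($sql);
            $sth->execute($params);
            return $sth;
        } catch (Exception $e) {
            $this->fail($e);
        }
        return null;
    }

    /**
     * Run one statement (update / delete / insert); nothing is returned.
     *
     * @param string $sql    SQL text; use ? or :name placeholders for values
     * @param array  $params values for the placeholders (optional)
     */
    public function sql_one($sql, array $params = array())
    {
        try {
            $dbh = $this->connect();
            if (!$params) {
                $dbh->exec($sql);
                return;
            }
            $dbh->prepare($sql)->execute($params);
        } catch (Exception $e) {
            $this->fail($e);
        }
    }

    /**
     * Run the same statement (update / delete) once per value; nothing is returned.
     *
     * $sql must end at the position where the value belongs, for example
     * "DELETE FROM t WHERE id = ". Each value is bound as a parameter rather
     * than appended to the SQL text, so it cannot change the statement.
     *
     * @param string $sql statement prefix ending where the value goes
     * @param array  $str values to run the statement with
     */
    public function sql_more($sql, $str)
    {
        // Request data may be missing or a plain string; there is nothing to do then.
        if (!is_array($str) && !($str instanceof Traversable)) {
            return;
        }
        try {
            $dbh = $this->connect();
            $sth = $dbh->prepare($sql . '?');
            foreach ($str as $value) {
                // Nested arrays (e.g. delAll[][]=x) cannot be bound as a single value.
                if (!is_scalar($value)) {
                    continue;
                }
                $sth->execute(array($value));
            }
        } catch (Exception $e) {
            $this->fail($e);
        }
    }
}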
?>页面调用函数:include 'conn.php';
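$mysql = new my_sql;

// Escape a value for HTML element text or a quoted attribute.
$esc = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

// Delete a single row.
// The id comes from the request, so it is accepted only when it is a plain
// integer; anything else is ignored instead of being concatenated into the SQL.
// NOTE(review): this delete is reachable through the plain link rendered below
// (a GET request) and no authorization check is visible in this snippet;
// state-changing requests are better sent by POST with a CSRF token.
$del_id = isset($_REQUEST['id']) ? filter_var($_REQUEST['id'], FILTER_VALIDATE_INT) : false;
if ($del_id !== false) {
    $mysql->sql_one("DELETE FROM `user_type` WHERE `user_id` = " . $del_id);
}

// Read the rows to display.
$aa = $mysql->sql_select('SELECT * FROM user_type order by user_id');
if ($aa) { // sql_select yields nothing iterable when the query failed
    foreach ($aa as $row) {
        // Output one table row. Column values are presumably user-supplied,
        // so every one is HTML-escaped before it is written to the page.
        $uid = $esc($row['user_id']);
        echo '<tr>';
        echo '<td>' . $uid . '</td>'
            . '<td>' . $esc($row['user_name']) . '</td>'
            . '<td>' . $esc($row['user_real_name']) . '</td>'
            . '<td>' . $esc($row['user_sex']) . '</td>'
            . '<td>' . $esc($row['user_tel']) . '</td>'
            . '<td>' . $esc($row['user_qq']) . '</td>'
            . '<td>' . $esc($row['user_address']) . '</td>'
            . '<td>' . $esc($row['user_email']) . '</td>'
            . '<td><a href="?action=del&id=' . $esc(rawurlencode((string) $row['user_id'])) . '" title="删除">删除</a></td>'
            . '<td><input name="delAll[]" class="c" type="checkbox" value="' . $uid . '" /></td>';
        echo '</tr>';
    }
}

// Delete several rows at once.
// Only integer ids from the submitted checkbox list are passed on.
$id = isset($_POST['delAll']) ? $_POST['delAll'] : null;
if (is_array($id)) {
    $ids = array();
    foreach ($id as $candidate) {
        $n = filter_var($candidate, FILTER_VALIDATE_INT);
        if ($n !== false) {
            $ids[] = $n;
        }
    }
    if ($ids) {
        $mysql->sql_more("DELETE FROM `user_type` WHERE `user_id` = ", $ids);
    }
}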
上面的操作方法和思路还是沿袭了 ASP.NET 开发的习惯,不知道在 PHP 开发中是否适用,望大神指点一下。
<?php
/*
 * Prepare the statement once, then execute it with different value lists.
 * The values travel separately from the SQL text, so they are never parsed as SQL.
 */
$sth = $dbh->prepare(
    'SELECT name, colour, calories
FROM fruit
WHERE calories < ? AND colour = ?'
);

// First run: values are bound to the two ? placeholders in order.
$sth->execute([150, 'red']);
$red = $sth->fetchAll();

// Second run re-uses the same prepared statement with new values.
$sth->execute([175, 'yellow']);
$yellow = $sth->fetchAll();
?>