如何在OOP中使用PHP预处理语句

问题描述 投票:-1回答:3

我正在使用此代码保存我的数据(粘贴我的代码)

Connection.php:

<?php
    namespace Database;
    use Mysqli;

    class Connection {
        public $con;

        function __construct() {
            $this->con = new mysqli(connection strings here);
        }

        function save($sql) {
            $this->con->query($sql);
        }
    }
?>

然后我的Save.php是这样的:

<?php
    require 'config.php';

    class Save {
        function __construct($username, $password) {
            $connect = new Database\Connection;
            $sql = "INSERT INTO sample(string1, string2) VALUES ('$test1', '$test2')";
            $connect->save($sql);
        }
    }

    $save = new Save("last", "last");
?>

我的问题是如何在这里实现bind params并为PHP准备语句?

而且我想问一下,我应该为我的代码实现这个和最佳实践的最佳方法是什么

多谢你们

php mysqli prepared-statement bindparam
3个回答
1
投票

你的课程是以一种奇怪的方式构建的,我猜你想要某种类似ORM的课程吗?

如果是这样,您可能希望将Save类重命名为User(这是猜测,因为您尝试保存用户名和密码)并移动构造函数逻辑,例如

class User {

    function save($username, $password) {

        $sql = "INSERT INTO users (username, password) VALUES (?,?)";
        $stmt = $mysqli->prepare($sql);
        $stmt->bind_param("ss", $username, $password);
        $stmt->execute();        

    }

}
0
投票

此示例说明了如何执行此操作。

<?php
$mysqli = new mysqli('localhost', 'my_user', 'my_password', 'world');

/* check connection */
if (mysqli_connect_errno()) {
    printf("Connect failed: %s\n", mysqli_connect_error());
    exit();
}

$stmt = $mysqli->prepare("INSERT INTO CountryLanguage VALUES (?, ?, ?, ?)");
$stmt->bind_param('sssd', $code, $language, $official, $percent);

$code = 'DEU';
$language = 'Bavarian';
$official = "F";
$percent = 11.2;

/* execute prepared statement */
$stmt->execute();

printf("%d Row inserted.\n", $stmt->affected_rows);

/* close statement and connection */
$stmt->close();

/* Clean up table CountryLanguage */
$mysqli->query("DELETE FROM CountryLanguage WHERE Language='Bavarian'");
printf("%d Row deleted.\n", $mysqli->affected_rows);

/* close connection */
$mysqli->close();
?>

你可以在这个链接中找到更多信息:http://php.net/manual/tr/mysqli-stmt.bind-param.php

我建议你使用PDO以更好的方式连接数据库。

0
投票

像这样使用。

public function insert_new_user($username, $email, $password){

    $mysqli = $this->link;

    $sql = "INSERT INTO users"
        . " (user_name, user_email, user_pass)"
        . " VALUES (?, ?, ?)";

    $stmt = $mysqli->prepare($sql);

    $stmt->bind_param("sss", $username, $email, $password);

    if ($stmt->execute()) {
        return "success";
    } else {
        return "failed: " . $mysqli->error;
    }
}
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.