
How do I convert MySQL code to PDO statements?

    Connecting

    First, you need to replace your mysqli connection with a PDO one (or at least add a PDO connection alongside the mysqli one!)

    // Define database connection parameters
    $db_host = "127.0.0.1";
    $db_name = "name_of_database";
    $db_user = "user_name";
    $db_pass = "user_password";
    
    
    // Create a connection to the MySQL database using PDO
    $pdo = new PDO(
        "mysql:host={$db_host};dbname={$db_name}",
        $db_user,
        $db_pass,
        [
            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_EMULATE_PREPARES => FALSE
        ]
    );
    

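    Updating your code

    Prepared statements with mysqli and PDO

    It is almost always best practice to use prepared statements when putting variable data into an SQL query. Not only is it safer (if the data comes from any kind of user-generated input), it is also easier to read and easier to run multiple times with different values.

    Query written with mysqli: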

    $sql   = "SELECT column1, column2 FROM table WHERE column3 = ? AND column4 = ?";
    $query = $mysqli->prepare($sql);
    $query->bind_param("si", $string_condition, $int_condition);
    $query->execute();
    $query->store_result();
    $query->bind_result($column1, $column2);
    $query->fetch();
    
    echo "Column1: {$column1}<br>";
    echo "Column2: {$column2}";
    

    Query written with PDO:

    $sql   = "SELECT column1, column2 FROM table WHERE column3 = ? AND column4 = ?";
    $query = $pdo->prepare($sql);
    $query->execute([$string_condition, $int_condition]);
    $row   = $query->fetchObject();
    # $row = $query->fetch(); // Alternative to get indexed and/or associative array
    
    echo "Column1: {$row->column1}<br>";
    echo "Column2: {$row->column2}";
    

    Updated code

    // Using the NULL coalescing operator here is shorter than a ternary
    $id = $_SESSION['u_id'] ?? NULL;
    
    if($id) {
        $sql   = "SELECT email FROM users WHERE u_id = ?";
        $query = $pdo->prepare($sql);    // Prepare the query
        $query->execute([$id]);          // Bind the parameter and execute the query
        $email = $query->fetchColumn();  // Return the value from the database
    }
    
    // Putting "$email" on a line by itself does nothing for your code. The only
    // thing it does is generate a "Notice" if it hasn't been defined earlier in
    // the code. Best use:
    //    - The ternary operator: $email = (isset($email)) ? $email : "";
    //    - The NULL coalescing operator: $email = $email ?? "";
    //    - OR initialize it earlier in code, before the first `if`, like: $email = "";
    // N.B. Instead of "" you could use NULL or FALSE as well. Basically in this case 
    //    anything that equates to BOOL(FALSE); so we can use them in `if` statements
    //    so the following (2 commented lines and 1 uncommented) are effectively
    //    interchangeable.
    $email = $email ?? "";
    # $email = $email ?? FALSE; 
    # $email = $email ?? NULL;
    
    // Presumably you will also want to change this function to PDO and prepared statements?
    // Although it doesn't actually do anything in the code provided?
    $suggestions = selectAll($table);  
    
    // Same as with email, we're just going to use the NULL coalescing operator.
    // Note: in this case you had used the third option from above - I've just
    //   changed it so there is less bloat.
    $optionOne     = $_POST['optionOne'] ?? "";
    $optionTwo     = $_POST['optionTwo'] ?? "";
    $newSuggestion = $_POST['new-suggestion'] ?? "";
    
    // There's no point nesting `if` statements like this when there doesn't appear to be any
    // additional code executed based on the outcome of each statement? Just put it into one.
    // We now don't need to use empty etc. because an empty, false, or null string all
    // equate to FALSE.
    if($newSuggestion && $id && $email && $optionOne && $optionTwo) {
        // Not sure why you've made the table name a variable UNLESS you have multiple tables
        // with exactly the same columns etc. and need to place in different ones at different
        // times. Which seems unlikely so I've just put the table name inline.
        $sql   = "INSERT INTO suggestions (user_id, email, option_1, option_2) VALUES (?, ?, ?, ?)";
        $query = $pdo->prepare($sql);
        $query->execute([$id, $email, $optionOne, $optionTwo]);
    }
    else{
        echo "All options must be entered";
    }
    

    Without comments

    $id = $_SESSION['u_id'] ?? NULL;
    
    if($id) {
        $sql   = "SELECT email FROM users WHERE u_id = ?";
        $query = $pdo->prepare($sql);
        $query->execute([$id]);
        $email = $query->fetchColumn();
    }
    $email       = $email ?? "";
    $suggestions = selectAll($table);  
    
    $optionOne     = $_POST['optionOne'] ?? "";
    $optionTwo     = $_POST['optionTwo'] ?? "";
    $newSuggestion = $_POST['new-suggestion'] ?? "";
    
    if($newSuggestion && $id && $email && $optionOne && $optionTwo) {
        $sql   = "INSERT INTO suggestions (user_id, email, option_1, option_2) VALUES (?, ?, ?, ?)";
        $query = $pdo->prepare($sql);
        $query->execute([$id, $email, $optionOne, $optionTwo]);
    }
    else{
        echo "All options must be entered";
    }
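
The answer leaves `selectAll($table)` unconverted and questions the variable table name; a `?` placeholder can bind values but not identifiers, so a variable table name has to be checked against a fixed list before it is placed in the SQL string. The following is an added example, not code from the answer: the `selectAll()` signature and `ALLOWED_TABLES` are hypothetical, the rows are constructed, and an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
// Added example, not the answer's code. selectAll() and ALLOWED_TABLES are
// hypothetical; in-memory SQLite stands in for MySQL so the script runs offline.
declare(strict_types=1);

// Identifiers cannot be bound with "?", so the table name is only accepted
// if it appears in this fixed list.
const ALLOWED_TABLES = ['suggestions', 'users'];

function selectAll(PDO $pdo, string $table, array $conditions = []): array
{
    if (!in_array($table, ALLOWED_TABLES, true)) {
        throw new InvalidArgumentException("Unknown table: {$table}");
    }
    $where = [];
    foreach (array_keys($conditions) as $column) {
        // Column names are identifiers too: accept plain names only.
        if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', (string) $column)) {
            throw new InvalidArgumentException("Bad column name: {$column}");
        }
        $where[] = "{$column} = ?";
    }
    $sql = "SELECT * FROM {$table}" . ($where ? ' WHERE ' . implode(' AND ', $where) : '');
    $query = $pdo->prepare($sql);
    $query->execute(array_values($conditions)); // values travel as parameters
    return $query->fetchAll(PDO::FETCH_ASSOC);
}

$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE suggestions (user_id INTEGER, email TEXT, option_1 TEXT, option_2 TEXT)');

// Constructed sample rows; the statement is prepared once and executed per row.
$insert = $pdo->prepare('INSERT INTO suggestions (user_id, email, option_1, option_2) VALUES (?, ?, ?, ?)');
foreach ([[1, 'a@example.test', 'tea', 'coffee'], [2, 'b@example.test', "x' OR '1'='1", 'milk']] as $row) {
    $insert->execute($row);
}

// A hostile value is compared as data, so it matches only the row that stores it.
$rows = selectAll($pdo, 'suggestions', ['option_1' => "x' OR '1'='1"]);
echo count($rows), " row(s) matched\n";

// A hostile table name never reaches the SQL string.
try {
    selectAll($pdo, 'suggestions; DROP TABLE users');
} catch (InvalidArgumentException $e) {
    echo 'Rejected: ', $e->getMessage(), "\n";
}
```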
    


