MySQL中的fetch和預(yù)處理語句(prepared statement)是兩種不同的方法,用于從數(shù)據(jù)庫檢索數(shù)據(jù)和執(zhí)行SQL查詢。
// 創(chuàng)建連接
$conn = new mysqli($servername, $username, $password, $dbname);
// 檢查連接
if ($conn->connect_error) {
die("連接失敗: " . $conn->connect_error);
}
// 查詢
$sql = "SELECT id, name FROM users";
$result = $conn->query($sql);
// 遍歷結(jié)果集
if ($result->num_rows > 0) {
while($row = $result->fetch_assoc()) {
echo "id: " . $row["id"]. " - Name: " . $row["name"]. "<br>";
}
} else {
echo "0 結(jié)果";
}
$conn->close();
// 創(chuàng)建連接
$conn = new mysqli($servername, $username, $password, $dbname);
// 檢查連接
if ($conn->connect_error) {
die("連接失敗: " . $conn->connect_error);
}
// 準(zhǔn)備查詢
$stmt = $conn->prepare("INSERT INTO users (name, email) VALUES (?, ?)");
if ($stmt === false) {
echo "準(zhǔn)備失敗: " . $conn->error;
exit;
}
// 綁定參數(shù)
$name = "張三";
$email = "zhangsan@example.com";
$stmt->bind_param("ss", $name, $email);
// 執(zhí)行查詢
if ($stmt->execute() === true) {
echo "新記錄插入成功";
} else {
echo "Error: " . $stmt->error;
}
// 關(guān)閉語句和連接
$stmt->close();
$conn->close();
在這個示例中,我們使用預(yù)處理語句插入一條新記錄。通過使用占位符(?)和bind_param
方法,我們可以確保傳遞給查詢的數(shù)據(jù)不會被解釋為SQL代碼,從而防止SQL注入攻擊。