DB other operation
A prepared statement is a feature used to execute the same (or similar) SQL statements repeatedly with high efficiency.
Prepared statements basically work like this:
Prepare: An SQL statement template is created and sent to the database. Certain values are left unspecified, called parameters (written as "?").
The database parses, compiles, and performs query optimization on the SQL statement template, and stores the result without executing it.
Execute: At a later time, the application binds the values to the parameters, and the database executes the statement. The application may execute the statement as many times as it wants with different values.
Compared to executing SQL statements directly, prepared statements have two main advantages:
Prepared statements reduce parsing time, as the preparation of the query is done only once.
Bound parameters minimize bandwidth to the server, as you need to send only the parameters each time, not the whole query.
Prepared statements are very useful against SQL injection, because parameter values, which are transmitted later using a different protocol, need not be correctly escaped. If the original statement template is not derived from external input, SQL injection cannot occur.
<?php
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "myDB";

$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_error) {
    die("Connection failed:" . $conn->connect_error);
}

// Prepare the statement template; each ? is a parameter
$stmt = $conn->prepare("INSERT INTO MyTable(firstname, lastname, email) VALUES (?, ?, ?)");
// The first argument tells the database what types the parameters are;
// "sss" means all three parameters are strings.
// i -- integer, d -- double, s -- string, b -- BLOB
// Variables are bound by reference, so they can be assigned afterwards.
$stmt->bind_param("sss", $firstname, $lastname, $email);

// Set the parameters and execute
$firstname = "John";
$lastname = "Doe";
$email = "john@xx.com";
$stmt->execute();

// Execute again with different values; the template is not re-parsed
$firstname = "Mary";
$lastname = "Moe";
$email = "mary@xx.com";
$stmt->execute();

$stmt->close();
$conn->close();
?>
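<?php
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "myDBPDO";

try {
    $conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
    // Throw exceptions on database errors
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

    // Prepare the statement template with named parameters
    $stmt = $conn->prepare("INSERT INTO MyTable(firstname, lastname, email) VALUES(:firstname, :lastname, :email)");
    // Bind each named parameter to a variable (by reference)
    $stmt->bindParam(':firstname', $firstname);
    $stmt->bindParam(':lastname', $lastname);
    $stmt->bindParam(':email', $email);

    // Set the parameters and execute
    $firstname = "John";
    $lastname = "Doe";
    $email = "john@xx.com";
    $stmt->execute();
} catch (PDOException $e) {
    echo "Error: " . $e->getMessage();
}
$conn = null;
?>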
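<?php
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "myDB";

$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_error) {
    die("Connection failed:" . $conn->connect_error);
}

// Run the query whose result set is read below
$sql = "SELECT id, firstname, lastname FROM MyTable";
$result = $conn->query($sql);

if ($result->num_rows > 0) {
    // Output each row; values are HTML-escaped before being written to the page
    while ($row = $result->fetch_assoc()) {
        echo "id:" . htmlspecialchars((string) $row["id"]) . "- Name:" . htmlspecialchars($row["firstname"]) . " " . htmlspecialchars($row["lastname"]) . "<br>";
    }
} else {
    echo "0 results";
}
$conn->close();
?>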
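Added example (not part of the original page): the SQL injection claim above, shown with PDO against an in-memory SQLite database so that it runs without the MySQL server the page assumes. The function names findByLastnameConcat and findByLastname and the hostile input are constructed for illustration; the sort-column allow-list goes one step beyond the page's text, because identifiers cannot be bound as parameters and would otherwise make the template depend on external input.

```php
<?php
// Added example: in-memory SQLite stands in for the page's MySQL server (assumption).
$pdo = new PDO("sqlite::memory:");
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE MyTable (id INTEGER PRIMARY KEY, firstname TEXT, lastname TEXT, email TEXT)");

// Constructed sample rows, inserted through one prepared template.
$insert = $pdo->prepare("INSERT INTO MyTable (firstname, lastname, email) VALUES (:firstname, :lastname, :email)");
foreach ([["John", "Doe", "john@xx.com"], ["Mary", "Moe", "mary@xx.com"]] as [$f, $l, $m]) {
    $insert->execute([":firstname" => $f, ":lastname" => $l, ":email" => $m]);
}

// Weak (hypothetical helper): the value is concatenated, so it becomes SQL text.
function findByLastnameConcat(PDO $pdo, string $lastname): array {
    $sql = "SELECT firstname FROM MyTable WHERE lastname = '" . $lastname . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened (hypothetical helper): fixed template, value bound as data.
// The sort column cannot be a bound parameter, so it is checked against an allow-list.
function findByLastname(PDO $pdo, string $lastname, string $orderBy = "id"): array {
    $allowed = ["id", "firstname", "lastname"];
    if (!in_array($orderBy, $allowed, true)) {
        throw new InvalidArgumentException("unsupported sort column");
    }
    $stmt = $pdo->prepare("SELECT firstname FROM MyTable WHERE lastname = :lastname ORDER BY $orderBy");
    $stmt->execute([":lastname" => $lastname]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$input = "x' OR '1'='1"; // constructed hostile value
echo count(findByLastnameConcat($pdo, $input)), " rows from the concatenated query\n";
echo count(findByLastname($pdo, $input)), " rows from the prepared statement\n";
echo count(findByLastname($pdo, "Doe")), " rows for a legitimate lookup\n";

try {
    findByLastname($pdo, "Doe", "id; SELECT 1"); // constructed value outside the allow-list
} catch (InvalidArgumentException $e) {
    echo "rejected sort column: ", $e->getMessage(), "\n";
}
```

With the PDO MySQL driver, prepared statements are emulated on the client by default; set PDO::ATTR_EMULATE_PREPARES to false if the template and the values should be sent to the server separately, as the text describes.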