A prepared statement is a feature used to execute the same/similar SQL statement repeatedlly with high efficiency.

Prepared statement basically work like this:

  Prepared: An SQL statement template is created and sent to the database.Certain values are left unspecified, called parameters(?)

  The database parses, compiles, and performs query optimization on the SQL statement template, and stores the result without executing it.

  Execute: At a later time, the application binds the values to the parameters, and the database executes the statement.The application may execute the statement as many times as it wants with differenet values.

Compared to executing SQL statements directly, prepared statements have 2 main advantages:

  Prepared statements reduces parsing time as the preparation on the query is done only once

  Bound parameters minimize bandwidth to the server as you need send only the parameters each time, and not the whole query

  Prepared statements are very useful against SQL injections, because parameter values, which are transmitted later using a different protocol, need not be correctly escaped.If the original statement template is not derived from external input, SQL injection cannot occur.

 

<?php

  $servername = "localhost";

  $username = "username";

  $password = "password";

  $dbname = "myDB";

  

  $conn = new mysqli($servername, $username, $password, $dbname);

  if($conn -> connect_error){

    die("Connection failed:" . $conn -> connect_error);

  }

   

  $stmt = $conn ->prepare("INSERT INTO MyTable(firstname, lastname, email) VALUES (?, ? , ?)");

  <!-- the first paramters tells the database what the parameters are sss means three parameters are all string type  -->

  <!--       i --integer    d -- double     s--string     b--BLOB        -->

  $stmt ->bind_parem("sss", $firstname, $lastname, $email);

  

  $firstname = "John";

  $lastname = "Doe";

  $email = "john@xx.com";

  $stmt -> execute();

  $firstname = "Mary";

  $lastname = "Moe";

  $email = "mary@xx.com";

  $stmt -> execute();

   

  $stmt -> close();

  $conn -> close();

?>

<?php

  $servername = "localhost";

  $username = "username";

  $password = "password";

  $dbname = "myDBPDO";

  

  try{

    $conn = new PDO("mysql:host=$servername; dbname=$dbname", $username, $password);

    $conn -> setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

  

    $stmt = $conn ->prepare("INSERT INTO MyTable(firstname, lastname, email) VALUES(:firstname, :lastname, :email)");

    $stmt ->bindParam

  }catch(PDOException $e){

    error "Errpr: " .$ e -> getMessage();

  }

  

  $conn = null;

?>

<?php

  $servername = "localhost";

  $username = "username";

  $password = "password";

  $dbname = "myDB";

  

  $conn = new mysqli($servername,  $username, $password, $dbname);

  if($conn -> connect_error){

    die("Connection failed:" . $conn -> connect_error);

  }

  if($result -> num_rows > 0){

    while($row = $result -> fetch_assoc()){

      echo "id:" .$row["id"]. "- Name:" . $row["fistname"] . " " .$row["lastname"] . "<br>";

    }

  }else{

    echo "0 results";

  }

  $conn -> close();

?>

DB other operation的更多相关文章

  1. (翻译)《Hands-on Node.js》—— Why?

    事出有因 为何选择event loop? Event Loop是一种推进无阻塞I/O(网络.文件或跨进程通讯)的软件模式.传统的阻塞编程也是用一样的方式,通过function来调用I/O.但进程会在该 ...

  2. StackExchange.Redis 二次封装

    在NuGet直接搜索StackExchange.Redis,下载引用包: 帮助类: public class RedisUtils { /// <summary> /// redis配置文 ...

  3. Transactional ejb 事务陷阱

    对应ejb,默认是对整个类使用事务.所以所有方法都开启事务. 而对于用TransactionAttribute注释来引用容器管理的事务,只能在第一级的方法中使用.对应类中的方法再调用其它类中方法,注释 ...

  4. mongodb安装、远程访问设置、基本常用操作和命令以及GUI

    https://www.mongodb.com/download-center?jmp=nav下载对应OS的版本,tar -xzvf解压 对于最新版本比如3.4,windows 7下可能回报api-m ...

  5. C++ 实现sqilte创建数据库插入、更新、查询、删除

    C/C++ Interface APIs Following are important C/C++ SQLite interface routines, which can suffice your ...

  6. ORADEBUG DOC 12.1.0.2

     https://berxblog.blogspot.com/2015/01/oradebug-doc-12102.html   this is just an online docu of ORAD ...

  7. mongodb - 查看正在执行的操作

    查看正在执行的操作 db.currentOp() 查看系统执行的操作 db.currentOp(True) kill正在执行的操作 db.killOp(<operation id>) 示例 ...

  8. Redis命令学习-string类型操作

    APPEND key value     假设key已经存在,而且为字符串.那么这个命令会把value追加到原来值的末尾.假设key不存在.首先创建一个空字符串,再运行追加操作.     返回值:返回 ...

  9. 深入理解MVC C#+HtmlAgilityPack+Dapper走一波爬虫 StackExchange.Redis 二次封装 C# WPF 用MediaElement控件实现视频循环播放 net 异步与同步

    深入理解MVC   MVC无人不知,可很多程序员对MVC的概念的理解似乎有误,换言之他们一直在错用MVC,尽管即使如此软件也能被写出来,然而软件内部代码的组织方式却是不科学的,这会影响到软件的可维护性 ...

随机推荐

  1. hdu---(1421)搬寝室(dp)

    搬寝室 Time Limit: 2000/1000 MS (Java/Others)    Memory Limit: 65536/32768 K (Java/Others)Total Submiss ...

  2. hdu---------(1026)Ignatius and the Princess I(bfs+dfs)

    Ignatius and the Princess I Time Limit: 2000/1000 MS (Java/Others)    Memory Limit: 65536/32768 K (J ...

  3. #define && const

    (1) 编译器处理方式不同 define宏是在预处理阶段展开. const常量是编译运行阶段使用. (2) 类型和安全检查不同 define宏没有类型,不做任何类型检查,仅仅是展开. const常量有 ...

  4. ABAP简单表维护的制作

    为了知识的积累,特作了个简单的表维护. 因为自己之前做dynpro程序的时候建了一个Tree node的表,所以就不在此重复.(在表的交付和维护页签中标的属性要是‘允许标准表维护的’) 直接Alt+U ...

  5. Go语言并发与并行学习笔记(三)

    转:http://blog.csdn.net/kjfcpua/article/details/18265475 Go语言并发的设计模式和应用场景 以下设计模式和应用场景来自Google IO上的关于G ...

  6. MVC1-5直接访问静态页面

    MVC模式下默认是无法访问站点内静态页面,昨日百度找了半天试了半天才试成功. 默认在Views文件外的静态页面可以访问,若要访问Views里的静态页面则需要修改View文件夹中的web.config: ...

  7. Spring的web应用启动加载数据字典方法

    在一个基于Spring的web项目中,当我们需要在应用启动时加载数据字典时,可写一个监听实现javax.servlet.ServletContextListener 实现其中的contextIniti ...

  8. MySql避免全表扫描【转】

    原文地址:http://blog.163.com/ksm19870304@126/blog/static/37455233201251901943705/ 对查询进行优化,应尽量避免全表扫描,首先应考 ...

  9. JavaWeb chapter 1 http协议

    1.  静态web和动态web的区别: 静态web和动态web最本质的区别是静态web是无法进行数据库操作,而动态web是可以进行数据库操作的.动态web的最大特点就是具有交互性,所谓交互性就是服务器 ...

  10. ajax状态码

    1- AJAX状态值与状态码区别 AJAX状态值是指,运行AJAX所经历过的几种状态,无论访问是否成功都将响应的步骤,可以理解成为AJAX运行步骤.如:正在发送,正在响应等,由AJAX对象与服务器交互 ...