A prepared statement is a feature used to execute the same/similar SQL statement repeatedlly with high efficiency.

Prepared statement basically work like this:

  Prepared: An SQL statement template is created and sent to the database.Certain values are left unspecified, called parameters(?)

  The database parses, compiles, and performs query optimization on the SQL statement template, and stores the result without executing it.

  Execute: At a later time, the application binds the values to the parameters, and the database executes the statement.The application may execute the statement as many times as it wants with differenet values.

Compared to executing SQL statements directly, prepared statements have 2 main advantages:

  Prepared statements reduces parsing time as the preparation on the query is done only once

  Bound parameters minimize bandwidth to the server as you need send only the parameters each time, and not the whole query

  Prepared statements are very useful against SQL injections, because parameter values, which are transmitted later using a different protocol, need not be correctly escaped.If the original statement template is not derived from external input, SQL injection cannot occur.

 

<?php

  $servername = "localhost";

  $username = "username";

  $password = "password";

  $dbname = "myDB";

  

  $conn = new mysqli($servername, $username, $password, $dbname);

  if($conn -> connect_error){

    die("Connection failed:" . $conn -> connect_error);

  }

   

  $stmt = $conn ->prepare("INSERT INTO MyTable(firstname, lastname, email) VALUES (?, ? , ?)");

  <!-- the first paramters tells the database what the parameters are sss means three parameters are all string type  -->

  <!--       i --integer    d -- double     s--string     b--BLOB        -->

  $stmt ->bind_parem("sss", $firstname, $lastname, $email);

  

  $firstname = "John";

  $lastname = "Doe";

  $email = "john@xx.com";

  $stmt -> execute();

  $firstname = "Mary";

  $lastname = "Moe";

  $email = "mary@xx.com";

  $stmt -> execute();

   

  $stmt -> close();

  $conn -> close();

?>

<?php

  $servername = "localhost";

  $username = "username";

  $password = "password";

  $dbname = "myDBPDO";

  

  try{

    $conn = new PDO("mysql:host=$servername; dbname=$dbname", $username, $password);

    $conn -> setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

  

    $stmt = $conn ->prepare("INSERT INTO MyTable(firstname, lastname, email) VALUES(:firstname, :lastname, :email)");

    $stmt ->bindParam

  }catch(PDOException $e){

    error "Errpr: " .$ e -> getMessage();

  }

  

  $conn = null;

?>

<?php

  $servername = "localhost";

  $username = "username";

  $password = "password";

  $dbname = "myDB";

  

  $conn = new mysqli($servername,  $username, $password, $dbname);

  if($conn -> connect_error){

    die("Connection failed:" . $conn -> connect_error);

  }

  if($result -> num_rows > 0){

    while($row = $result -> fetch_assoc()){

      echo "id:" .$row["id"]. "- Name:" . $row["fistname"] . " " .$row["lastname"] . "<br>";

    }

  }else{

    echo "0 results";

  }

  $conn -> close();

?>

DB other operation的更多相关文章

  1. (翻译)《Hands-on Node.js》—— Why?

    事出有因 为何选择event loop? Event Loop是一种推进无阻塞I/O(网络.文件或跨进程通讯)的软件模式.传统的阻塞编程也是用一样的方式,通过function来调用I/O.但进程会在该 ...

  2. StackExchange.Redis 二次封装

    在NuGet直接搜索StackExchange.Redis,下载引用包: 帮助类: public class RedisUtils { /// <summary> /// redis配置文 ...

  3. Transactional ejb 事务陷阱

    对应ejb,默认是对整个类使用事务.所以所有方法都开启事务. 而对于用TransactionAttribute注释来引用容器管理的事务,只能在第一级的方法中使用.对应类中的方法再调用其它类中方法,注释 ...

  4. mongodb安装、远程访问设置、基本常用操作和命令以及GUI

    https://www.mongodb.com/download-center?jmp=nav下载对应OS的版本,tar -xzvf解压 对于最新版本比如3.4,windows 7下可能回报api-m ...

  5. C++ 实现sqilte创建数据库插入、更新、查询、删除

    C/C++ Interface APIs Following are important C/C++ SQLite interface routines, which can suffice your ...

  6. ORADEBUG DOC 12.1.0.2

     https://berxblog.blogspot.com/2015/01/oradebug-doc-12102.html   this is just an online docu of ORAD ...

  7. mongodb - 查看正在执行的操作

    查看正在执行的操作 db.currentOp() 查看系统执行的操作 db.currentOp(True) kill正在执行的操作 db.killOp(<operation id>) 示例 ...

  8. Redis命令学习-string类型操作

    APPEND key value     假设key已经存在,而且为字符串.那么这个命令会把value追加到原来值的末尾.假设key不存在.首先创建一个空字符串,再运行追加操作.     返回值:返回 ...

  9. 深入理解MVC C#+HtmlAgilityPack+Dapper走一波爬虫 StackExchange.Redis 二次封装 C# WPF 用MediaElement控件实现视频循环播放 net 异步与同步

    深入理解MVC   MVC无人不知,可很多程序员对MVC的概念的理解似乎有误,换言之他们一直在错用MVC,尽管即使如此软件也能被写出来,然而软件内部代码的组织方式却是不科学的,这会影响到软件的可维护性 ...

随机推荐

  1. ASP.NET中EVAL用法大全

    <%# Bind("Subject") %> //绑定字段<%# Container.DataItemIndex + 1%> //实现自动编号<%# ...

  2. word文档中查找和替换空格符和回车符

    空格符:^l 回车符:^p

  3. hadoop学习笔记:hadoop文件系统浅析

    1.什么是分布式文件系统? 管理网络中跨多台计算机存储的文件系统称为分布式文件系统. 2.为什么需要分布式文件系统了? 原因很简单,当数据集的大小超过一台独立物理计算机的存储能力时候,就有必要对它进行 ...

  4. C语言内存分配机制

    内存分配方式有三种: (1)从静态存储区域分配.内存在程序编译的时候就已经分配好,这块内存在程序的整个运行期间都存在.例如全局变量,static变量. (2)在栈上创建.在执行函数时,函数内局部变量的 ...

  5. WPF的Binding功能解析

    1,Data Binding在WPF中的地位 程序的本质是数据+算法.数据会在存储.逻辑和界面三层之间流通,所以站在数据的角度上来看,这三层都很重要.但算法在3层中的分布是不均匀的,对于一个3层结构的 ...

  6. linux win 的换行转换

    Linux和Windows和换行符不一样.Windows下是CRLF(\r\n或0d0a),Linux下是LF(\n或0a).在Linux下有时会遇到从Windows过来的文本文件,这些文件带了Win ...

  7. bat产生随机数并复制文件及生成文件列表

    有这样一个场景:我需要将同一个文件复制为上千个文件,并且文件名应为随机数.为了简单起见,不想写程序,直接写个BAT来,方便,简单,易用: 1. 搞定用BAT产生32位随机数,存为变量并使用,保存以下代 ...

  8. 使用tomcat配置文件下载服务器,自定义下载列表

    先上图,利用tomcat,这个下载界面没有代码,点击文件名即可下载 详细参考:http://tomcat.apache.org/tomcat-7.0-doc/default-servlet.html

  9. FZU 1911 Construct a Matrix

    题目链接:Construct a Matrix 题意:构造一个矩阵,要求矩阵的每行每列的和都不相同.矩阵的边长是前n项斐波那契的和. 思路:由sn = 2*(fn-1)+(fn-2)-1,只要知道第n ...

  10. HDU 5353

    题目大意: 相邻的朋友可以给出自己手上最多一颗糖,n个朋友形成一个环,问给的方式能否最后使所有朋友都糖的数量相同 这里我用的是网络流来做的,这里n=100000,用sap的模板可以跑过 #includ ...