mysqli_multi_query() 函數可用來執行多條SQL語句。
以下實例向 "MyGuests" 表添加了三條新的記錄:
實例 (MySQLi - 面向對象)
<?php $servername = "localhost"; $username = "username"; $password = "password"; $dbname = "myDB"; // 創建鏈接 $conn = new mysqli($servername, $username, $password, $dbname); // 檢查鏈接 if ($conn->connect_error) { die("Connection failed: " . $conn->connect_error); } $sql = "INSERT INTO MyGuests (firstname, lastname, email) VALUES ('John', 'Doe', '[email protected]');"; $sql .= "INSERT INTO MyGuests (firstname, lastname, email) VALUES ('Mary', 'Moe', '[email protected]');"; $sql .= "INSERT INTO MyGuests (firstname, lastname, email) VALUES ('Julie', 'Dooley', '[email protected]')"; if ($conn->multi_query($sql) === TRUE) { echo "New records created successfully"; } else { echo "Error: " . $sql . "<br>" . $conn->error; } $conn->close(); ?>
實例 (MySQLi - 面向過程)
<?php $servername = "localhost"; $username = "username"; $password = "password"; $dbname = "myDB"; // 創建鏈接 $conn = mysqli_connect($servername, $username, $password, $dbname); // 檢查鏈接 if (!$conn) { die("Connection failed: " . mysqli_connect_error()); } $sql = "INSERT INTO MyGuests (firstname, lastname, email) VALUES ('John', 'Doe', '[email protected]');"; $sql .= "INSERT INTO MyGuests (firstname, lastname, email) VALUES ('Mary', 'Moe', '[email protected]');"; $sql .= "INSERT INTO MyGuests (firstname, lastname, email) VALUES ('Julie', 'Dooley', '[email protected]')"; if (mysqli_multi_query($conn, $sql)) { echo "New records created successfully"; } else { echo "Error: " . $sql . "<br>" . mysqli_error($conn); } mysqli_close($conn); ?>
實例 (PDO)
<?php $servername = "localhost"; $username = "username"; $password = "password"; $dbname = "myDBPDO"; try { $conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password); // set the PDO error mode to exception $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // 開始事務 $conn->beginTransaction(); // SQL 語句 $conn->exec("INSERT INTO MyGuests (firstname, lastname, email) VALUES ('John', 'Doe', '[email protected]')"); $conn->exec("INSERT INTO MyGuests (firstname, lastname, email) VALUES ('Mary', 'Moe', '[email protected]')"); $conn->exec("INSERT INTO MyGuests (firstname, lastname, email) VALUES ('Julie', 'Dooley', '[email protected]')"); // commit the transaction $conn->commit(); echo "New records created successfully"; } catch(PDOException $e) { // roll back the transaction if something failed $conn->rollback(); echo $sql . "<br>" . $e->getMessage(); } $conn = null; ?>
mysqli 擴展提供了第二種方式用於插入語句。
我們可以預處理語句及綁定參數。
mysql 擴展可以不帶數據發送語句或查詢到mysql數據庫。 你可以向列關聯或 "綁定" 變量。
Example (MySQLi 使用預處理語句)
<?php $servername = "localhost"; $username = "username"; $password = "password"; $dbname = "myDB"; // Create connection $conn = new mysqli($servername, $username, $password, $dbname); // Check connection if ($conn->connect_error) { die("Connection failed: " . $conn->connect_error); } else { $sql = "INSERT INTO MyGuests VALUES(?, ?, ?)"; // 為 mysqli_stmt_prepare() 初始化 statement 對象 $stmt = mysqli_stmt_init($conn); //預處理語句 if (mysqli_stmt_prepare($stmt, $sql)) { // 綁定參數 mysqli_stmt_bind_param($stmt, 'sss', $firstname, $lastname, $email); // 設置參數並執行 $firstname = 'John'; $lastname = 'Doe'; $email = '[email protected]'; mysqli_stmt_execute($stmt); $firstname = 'Mary'; $lastname = 'Moe'; $email = '[email protected]'; mysqli_stmt_execute($stmt); $firstname = 'Julie'; $lastname = 'Dooley'; $email = '[email protected]'; mysqli_stmt_execute($stmt); } } ?>
我們可以看到以上實例中使用模塊化來處理問題。我們可以通過創建代碼塊實現更簡單的讀取和管理。
注意參數的綁定。讓我們看下 mysqli_stmt_bind_param() 中的代碼:
mysqli_stmt_bind_param($stmt, 'sss', $firstname, $lastname, $email);
該函數綁定參數查詢並將參數傳遞給數據庫。第二個參數是 "sss" 。以下列表展示了參數的類型。 s 字符告訴 mysql 參數是字符串。
This argument may be one of four types:
每個參數必須指定類型,來保證數據的安全性。通過類型的判斷可以減少SQL注入漏洞帶來的風險。