A prepared statement is a database feature for executing the same or a similar SQL statement repeatedly with high efficiency.

Prepared statements basically work like this:

  Prepare: an SQL statement template is created and sent to the database. Certain values are left unspecified; these are called parameters (written as ? placeholders).

  The database parses, compiles and performs query optimization on the statement template, and stores the result without executing it.

  Execute: at a later time the application binds values to the parameters and the database executes the statement. The application may execute the statement as many times as it wants with different values.

Compared to executing SQL statements directly, prepared statements have three main advantages:

  Prepared statements reduce parsing time, because the preparation of the query is done only once.

  Bound parameters minimize bandwidth to the server, since only the parameter values are sent on each execution, not the whole query.

  Prepared statements are very useful against SQL injection: parameter values are transmitted separately from the statement text (with a native prepared statement, as typed data in a different protocol message), so they are never parsed as SQL and do not need to be escaped. If the statement template itself is not built from external input, SQL injection cannot occur. Two caveats: only values can be bound, so table and column names, ORDER BY columns and similar identifiers still have to be validated against an allow-list; and PDO's MySQL driver emulates prepared statements on the client by default, escaping the values itself and splicing them into the query string, so set PDO::ATTR_EMULATE_PREPARES to false (and give the charset in the DSN) to get real server-side prepares.
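As an added example (not code from the original page), the injection the text warns about, run against an in-memory SQLite database with Python's sqlite3 module rather than PHP so it executes without a MySQL server. The table name MyTable and its columns follow the page's examples; the three rows and the helper names find_by_email_vulnerable, find_by_email_prepared, list_ordered and ALLOWED_ORDER_COLUMNS are constructed for this illustration. It also shows the caveat that an identifier such as an ORDER BY column cannot be bound as a parameter and is checked against an allow-list instead.

```python
import sqlite3

# Constructed sample data: a tiny table standing in for the page's MyTable.
ROWS = [
    (1, "John", "Doe", "john@xx.com"),
    (2, "Mary", "Moe", "mary@xx.com"),
    (3, "Alice", "Admin", "alice@xx.com"),
]


def make_db():
    """Create an in-memory database and load the sample rows with a prepared INSERT."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE MyTable(id INTEGER PRIMARY KEY, firstname TEXT, lastname TEXT, email TEXT)"
    )
    # One template, executed once per row: the prepare-once/execute-many pattern.
    conn.executemany("INSERT INTO MyTable VALUES (?, ?, ?, ?)", ROWS)
    return conn


def find_by_email_vulnerable(conn, email):
    """String concatenation: the user-controlled value becomes part of the SQL text."""
    sql = "SELECT id, firstname FROM MyTable WHERE email = '" + email + "'"
    return conn.execute(sql).fetchall()


def find_by_email_prepared(conn, email):
    """Parameterized: the template is fixed, the value is bound and compared as data only."""
    return conn.execute(
        "SELECT id, firstname FROM MyTable WHERE email = ?", (email,)
    ).fetchall()


# Identifiers are not values: "ORDER BY ?" would sort by a constant string, not by a column.
ALLOWED_ORDER_COLUMNS = {"id", "firstname", "lastname", "email"}


def list_ordered(conn, column, limit):
    """Sort by a caller-chosen column, validated against an allow-list; LIMIT is a bound value."""
    if column not in ALLOWED_ORDER_COLUMNS:
        raise ValueError("unsupported sort column: %r" % column)
    return conn.execute(
        "SELECT id FROM MyTable ORDER BY %s LIMIT ?" % column, (limit,)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"  # classic tautology payload
    print("vulnerable:", find_by_email_vulnerable(db, payload))  # every row leaks
    print("prepared:  ", find_by_email_prepared(db, payload))    # no row has that literal email
    print("ordered:   ", list_ordered(db, "firstname", 2))
```

With the payload ' OR '1'='1 the concatenated query becomes WHERE email = '' OR '1'='1' and returns the whole table, while the prepared version looks for an email address literally equal to the payload and finds nothing; the same template is reused for every call without re-parsing.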

 

<?php
  $servername = "localhost";
  $username = "username";
  $password = "password";
  $dbname = "myDB";

  $conn = new mysqli($servername, $username, $password, $dbname);
  if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
  }

  // Prepare the template once; prepare() returns false if the SQL cannot be compiled.
  $stmt = $conn->prepare("INSERT INTO MyTable (firstname, lastname, email) VALUES (?, ?, ?)");
  if ($stmt === false) {
    die("Prepare failed: " . $conn->error);
  }

  // The first argument gives the type of each parameter in order: "sss" means three strings.
  //   i -- integer    d -- double    s -- string    b -- BLOB
  // Variables are bound by reference, so they may be assigned after bind_param() is called.
  $stmt->bind_param("sss", $firstname, $lastname, $email);

  $firstname = "John";
  $lastname = "Doe";
  $email = "john@xx.com";
  $stmt->execute();

  // Same prepared statement, new values: only the parameters are sent to the server.
  $firstname = "Mary";
  $lastname = "Moe";
  $email = "mary@xx.com";
  $stmt->execute();

  $stmt->close();
  $conn->close();
?>

<?php
  $servername = "localhost";
  $username = "username";
  $password = "password";
  $dbname = "myDBPDO";

  try {
    // Give the charset in the DSN; client-side escaping depends on it when prepares are emulated.
    $conn = new PDO("mysql:host=$servername;dbname=$dbname;charset=utf8mb4", $username, $password);
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Use real server-side prepared statements instead of PDO_MYSQL's default client-side emulation.
    $conn->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

    $stmt = $conn->prepare("INSERT INTO MyTable (firstname, lastname, email) VALUES (:firstname, :lastname, :email)");
    // Named placeholders are bound by name; bindParam() binds by reference, like mysqli's bind_param().
    $stmt->bindParam(':firstname', $firstname);
    $stmt->bindParam(':lastname', $lastname);
    $stmt->bindParam(':email', $email);

    $firstname = "John";
    $lastname = "Doe";
    $email = "john@xx.com";
    $stmt->execute();

    $firstname = "Mary";
    $lastname = "Moe";
    $email = "mary@xx.com";
    $stmt->execute();
  } catch (PDOException $e) {
    echo "Error: " . $e->getMessage();
  }

  $conn = null;
?>

<?php
  $servername = "localhost";
  $username = "username";
  $password = "password";
  $dbname = "myDB";

  $conn = new mysqli($servername, $username, $password, $dbname);
  if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
  }

  // The original omitted the query that produces $result; a static SELECT over MyTable is assumed.
  // A query with no user input in it does not need a prepared statement.
  $result = $conn->query("SELECT id, firstname, lastname FROM MyTable");
  if ($result === false) {
    die("Query failed: " . $conn->error);
  }

  if ($result->num_rows > 0) {
    while ($row = $result->fetch_assoc()) {
      echo "id: " . $row["id"] . " - Name: " . $row["firstname"] . " " . $row["lastname"] . "<br>";
    }
  } else {
    echo "0 results";
  }

  $conn->close();
?>
