我正在爲班級製作遊戲,並決定在其中設置可能會被修改的管理區域。目前,這是多麼我已經建立了一個數據庫連接:我如何創建一個準備好的聲明?
db_config.php:
<?php
defined('DB_SERVER') ? null : define('DB_SERVER', 'localhost');
defined('DB_USER') ? null : define('DB_USER', 'root');
defined('DB_PASS') ? null : define('DB_PASS', 'root');
defined('DB_NAME') ? null : define('DB_NAME', 'game');
?>
database.php中:
<?php
require_once('db_config.php');
class DatabaseConnect {
public function __construct($db_server, $db_user, $db_pass, $db_name) {
if ([email protected]$this->Connect($db_server, $db_user, $db_pass, $db_name)) {
echo 'Connection failed.';
} else if ($this->Connect($db_server, $db_user, $db_pass, $db_name)){
}
}
public function Connect($db_server, $db_user, $db_pass, $db_name) {
if (!mysqli_connect($db_server, $db_user, $db_pass, $db_name)) {
return false;
} else {
return true;
}
}
}
$connection = new DatabaseConnect(DB_SERVER, DB_USER, DB_PASS, DB_NAME);
?>
到現在爲止我已經在我的查詢和我以前mysql_real_escape_string
知道我不應該手動轉義。我仍然在學習PHP,所以有些東西需要我花些時間來掌握。我查看了php.net準備的語句手冊,但我不確定是否需要更改連接到數據庫的方式。
所以基本上我問的是,如果我有這個查詢(或與此有關的任何查詢):
if (isset($_POST['submit'])) {
// Process the form
$id = $current_page["id"];
$menu_name = mysql_prep($_POST["menu_name"]);
$position = (int) $_POST["position"];
$visible = (int) $_POST["visible"];
$content = mysql_prep($_POST["content"]);
// validations
$required_fields = array("menu_name", "position", "visible", "content");
validate_presences($required_fields);
$fields_with_max_lengths = array("menu_name" => 30);
validate_max_lengths($fields_with_max_lengths);
if (empty($errors)) {
// Perform Update
$query = "UPDATE pages SET ";
$query .= "menu_name = '{$menu_name}', ";
$query .= "position = {$position}, ";
$query .= "visible = {$visible}, ";
$query .= "content = '{$content}' ";
$query .= "WHERE id = {$id} ";
$query .= "LIMIT 1";
$result = mysqli_query($connection, $query);
if ($result && mysqli_affected_rows($connection) == 1) {
// Success
$_SESSION["message"] = "Page updated.";
redirect_to("manage_content.php?page={$id}");
} else {
// Failure
$_SESSION["message"] = "Page update failed.";
}
}
} else {
// This is probably a GET request
} // end: if (isset($_POST['submit']))
?>
會是怎樣變成一個準備好的聲明?
下面是[示例](http://uk1.php.net/manual/en/mysqli-stmt.bind-param.php)。順便說一下,使用你的'$ query'變量,你不需要重複連接來創建你的字符串 - 只需以'$ query ='開頭,然後在多行寫你的查詢,然後用引號和半-colon。數據庫引擎根本不介意額外的tabs/spaces/new-lines,並且結果是_much_更具可讀性。 – halfer
(順便說一下,小問題:我注意到你所有的問題都有一個'。 ..''省略號在標題末尾,這是不必要的,並且可能隨着時間的推移調整編輯工作) – halfer
記得先搜索並閱讀教程/參考文獻 – user2864740