如何使用mysql_函数将脚本转换为使用mysqli_函数? [英] How do I convert a script using mysql_ functions to use mysqli_ functions?
问题描述
编辑:是否使用mysqli_在此问题的范围之外.考虑使用PDO.
Whether or not to use mysqli_ is outside the scope of this question. Consider using PDO.
需要采取什么步骤将脚本从使用不推荐使用的mysql_函数转换为mysqli_?
What steps need to be taken to convert a script from using the deprecated mysql_ functions to mysqli_?
使用mysqli_而不是mysql时是否需要以其他方式进行其他操作?
Is there anything that needs to be done differently when using mysqli_ instead of mysql?
这是使用mysql_函数的基本脚本:
Here's a basic script using mysql_ functions:
<?php
//define host, username and password
$con = mysql_connect($host,$username,$password);
if (!$con) {
die('Could not connect: ' . mysql_error());
}
$db_name ="db1";
mysql_select_db($dbname, $con);
$value1 = mysql_real_escape_string($input_string);
$query = 'SELECT * FROM table1 WHERE table1.col1=' . $value1 . '';
$result = mysql_query($query, $con);
while($row = mysql_fetch_assoc*$result)
{
$col1 = $row['col1'];
$col2 = $row['col2'];
echo $col1 . ' ' . $col2 . '<br />';
}
mysql_close($con);
?>
推荐答案
注意:从mysql_转换为 可能不是最佳选择.如果您准备将所有代码转换为 PDO php.net/manual/en/language.oop5.php">OOP .
尝试用mysqli_替换mysql_的所有实例并祈祷它能起作用是很诱人的.您会很亲密,但不是很准时.
Note: Converting from mysql_ to mysqli_ may not be optimal. Consider PDO if you're prepared to convert all of your code to OOP.
It can be tempting to try to replace all instances of mysql_ with mysqli_ and pray it works. You'd be close but not quite on point.
幸运的是, mysqli_connect 与mysql_query的配合足够紧密,您可以交换列出他们的功能名称.
Fortunately, mysqli_connect works closely enough to mysql_query that you can just swap out their function names.
mysql _:
$con = mysql_connect($host, $username, $password);
mysqli _:
$con = mysqli_connect($host, $username, $password);
选择数据库
现在,利用mysqli_库中的大多数其他功能,您需要将mysqli_select_db数据库连接作为其 first 参数传递.大多数mysqli_函数首先需要连接对象.
Selecting a database
Now, with most of the other functions in the mysqli_ library, you'll need to pass mysqli_select_db the database connection as its first parameter. Most of the mysqli_ functions require the connection object first.
对于此函数,您只需切换传递给该函数的参数的顺序即可.如果您之前未将其传递给连接对象,则您现在必须将其添加为第一个参数.
For this function, you can just switch the order of the arguments you pass to the function. If you didn't pass it a connection object before, you have to add it as the first parameter now.
mysql _:
mysql_select_db($dbname, $con);
mysqli _:
mysqli_select_db($con, $dbname);
此外,您还可以将数据库名称作为第四个参数传递给mysqli_connect-无需调用mysqli_select_db.
As a bonus, you can also pass the database name as the fourth parameter to mysqli_connect - bypassing the need to call mysqli_select_db.
$con = mysqli_connect($host, $username, $password, $dbname);
清理用户输入
使用mysqli_real_escape_string与mysql_real_escape_string非常相似.您只需要传递连接对象作为第一个参数.
Sanitize user input
Using mysqli_real_escape_string is very similar to mysql_real_escape_string. You just need to pass the connection object as the first parameter.
mysql _:
$value1 = mysql_real_escape_string($input_string);
mysqli _:
$value1 = mysqli_real_escape_string($con, $input_string);
非常重要:准备和运行查询
不推荐使用mysql_函数的原因之一是它们无法处理准备好的语句.如果您只是简单地将代码转换为mysqli_而没有采取此重要步骤,则您会遇到mysql_函数的一些最大弱点.
Very Important: Preparing and Running a Query
One reason the mysql_ functions were deprecated to begin with was their inability to handle prepared statements. If you simply convert your code to mysqli_ without taking this important step, you are subject to some of the largest weaknesses of the mysql_ functions.
值得阅读有关准备好的语句及其好处的这些文章:
It's worth reading these articles on prepared statements and their benefits:
注意:使用预处理语句时,最好显式列出要尝试查询的每一列,而不是使用*表示法查询所有列.这样,您可以确保已计入对mysqli_stmt_bind_result的调用中的所有列.
Note: When using prepared statements, it's best to explicitly list each column you're attempting to query, rather than using the * notation to query all columns. This way you can ensure you've accounted for all of the columns in your call to mysqli_stmt_bind_result.
mysql _:
$query = 'SELECT * FROM table1 WHERE table1.col1=' . $value1 . '';
$result = mysql_query($query, $con);
while($row = mysql_fetch_assoc*$result)
{
$col1 = $row['col1'];
$col2 = $row['col2'];
echo $col1 . ' ' . $col2 . '<br />';
}
mysqli_:
$query = 'SELECT col1,col2 FROM table1 WHERE table1.col1=?';
if ($stmt = mysqli_prepare($link, $query)) {
/* pass parameters to query */
mysqli_stmt_bind_param($stmt, "s", $value1);
/* run the query on the database */
mysqli_stmt_execute($stmt);
/* assign variable for each column to store results in */
mysqli_stmt_bind_result($stmt, $col1, $col2);
/* fetch values */
while (mysqli_stmt_fetch($stmt)) {
/*
on each fetch, the values for each column
in the results are automatically stored in
the variables we assigned using
"mysqli_stmt_bind_result"
*/
echo $col1 . ' ' . $col2 . '<br />';
}
/* close statement */
mysqli_stmt_close($stmt);
}
显示错误
显示错误与mysqli_的工作原理略有不同. mysqli_error 需要连接对象作为其第一个参数.但是,如果连接失败怎么办? mysqli_引入了一些不需要连接对象的函数: mysqli_connect_* 函数.
Showing errors
Showing errors works a little differently with mysqli_. mysqli_error requires the connection object as its first parameter. But what if the connection failed? mysqli_ introduces a small set of functions that don't require the connection object: the mysqli_connect_* functions.
mysql _:
if (!$con) {
die('Could not connect: ' . mysql_error());
}
if (!$result) {
die('SQL Error: ' . mysql_error());
}
mysqli _:
/* check connection error*/
if (mysqli_connect_errno()) {
die( 'Could not connect: ' . mysqli_connect_error() );
}
/* check query error */
if ($stmt = mysqli_prepare($link, $query)) {
// ... execute query
if (mysqli_stmt_error($stmt)) {
echo 'SQL Error: ' . mysqli_stmt_error($stmt);
}
}
这篇关于如何使用mysql_函数将脚本转换为使用mysqli_函数?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
