如何将此PDO代码转换为MySQLi? [英] How do I convert this PDO code to MySQLi?

问题描述

我对PHP和MySQL还是很陌生，我尝试学习如何将代码从PDO更改为MySQLi.它与我在网上找到的登录系统有关的记住我"功能，带有安全令牌和标识符. 我想学习并了解如何将代码从PDO更改为MySQLi.我知道在MySQLi中有一条创建和准备语句，我也必须绑定参数并执行.但是在这种情况下，我还是不知道如何开始.

I'm quite new to PHP and MySQL and I try to learn how to change a code from PDO to MySQLi. Its about a remember me function with a securitytoken and identifier for a login system that I found in the web. I would like to learn and understand how I can change the code from PDO to MySQLi. I know in MySQLi there is a statement create and prepare, also I have to bind parameters and execute. But in this case, I don't know how to start anyway.

$pdo = new PDO('mysql:host=localhost;dbname=dbname', 'root', '');
if (!isset($_SESSION['id']) && isset($_COOKIE['identifier']) &&
isset($_COOKIE['securitytoken'])) {
    $identifier = $_COOKIE['identifier'];
    $securitytoken = $_COOKIE['securitytoken'];

    $statement = $pdo->prepare("SELECT * FROM securitytokens WHERE identifier = ?");
    $result = $statement->execute(array($identifier));
    $securitytoken_row = $statement->fetch();

    if (sha1($securitytoken) !== $securitytoken_row['securitytoken']) {
        die('Maybe a stolen securitytoken.');
    } else {
        //Token was correct
        //Set an new token
        $neuer_securitytoken = random_string();
        $insert = $pdo->prepare("UPDATE securitytokens SET securitytoken = :securitytoken WHERE identifier = :identifier");
        $insert->execute(array('securitytoken' => sha1($neuer_securitytoken), 'identifier' => $identifier));
        setcookie("identifier", $identifier, time() + (3600 * 24 * 365)); //1 Year valid
        setcookie("securitytoken", $neuer_securitytoken, time() + (3600 * 24 * 365)); //1 Year valid

        //Loggin the user
        $_SESSION['id'] = $securitytoken_row['id'];
    }
}

推荐答案

不要这样做！ PDO更简单，并提供更多功能.

Don't do it! PDO is simpler and offers more functionality.

如果您只是想学习MySQLi，就应该牢记以下几点:

If you want to do it just to learn MySQLi then you should keep these things in mind:

1. 这是您正确打开连接的方式:

1. This is how you open the connection properly:

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$mysqli = new mysqli($host, $user, $pass, $db);
$mysqli->set_charset($charset);

MySQLi中没有执行绑定.实际上，根本没有价值约束！您只能按引用绑定，并且必须指定值的类型.

There is no bind-in-execute in MySQLi. In fact there is no bind by value at all! You can only bind by reference and you have to specify the type of the value.

$statement = $mysqli->prepare("SELECT * FROM securitytokens WHERE identifier = ?");
$statement->bind_param('i', $identifier); // i for integer; s for string. 
$statement->execute();

MySQLi没有命名的占位符，因此您只需要使用位置的占位符.

MySQLi has no named placeholders, so you need to use positional ones only.

$insert = $mysqli->prepare("UPDATE securitytokens SET securitytoken = ? WHERE identifier = ?");
$sha1ResultDueToPassByRef = sha1($neuer_securitytoken);
$insert->bind_param('si', $sha1ResultDueToPassByRef, $identifier);
$insert->execute();

MySQLi的工作原理完全不同，它返回布尔值.要获得与 PDO的fetch() 相同的结果，您需要 get_result() ，然后使用 fetch_array() 或

The fetch method in MySQLi works totally differently and it returns boolean. To get the same outcome as PDO's fetch() you would need to get_result() and then use fetch_array() or fetch_assoc()

$securitytoken_row = $statement->get_result()->fetch_array();

这篇关于如何将此PDO代码转换为MySQLi?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！