从MySQL翻译的PHP PDO问题 [英] Php PDO issues translating from mysql
问题描述
好吧,即使经过2天尝试转换所有内容,我也仍然很难掌握PDO.
Okay, I'm really struggling to get to grasps with PDO, even after 2 days of trying to convert everything.
我现在处于为$user_data['???']创建数组的阶段,这就是我所拥有的.
I'm now at the stage of creating an array for the $user_data['???'] And here's what I've got.
if (logged_in() === true) {
$session_user_id = $_SESSION['user_id'];
$user_data = user_data($session_user_id, 'id', 'username', 'password', 'email', 'active', 'coins');
$user_id = $user_data['id'];
if (user_active($user_data['username'] === false) {
session_destroy();
header('Location: index.php');
exit();
}
}
所以这就是我获取$user_data['???']数据的方法.
So that's my way of getting the data for $user_data['???'] The functions to go with it are..
function user_data($user_id){
$data = array();
$user_id = (int)$user_id;
$func_num_args = func_num_args();
$func_get_args = func_get_args();
if ($func_num_args > 1) {
unset($func_get_args[0]);
$fields = '`' . implode('`, `', $func_get_args) . '`';
$data = //mysql_fetch_assoc(//mysql_query("SELECT $fields FROM `users` WHERE `user_id` = $user_id"));
return $data;
}
}
function user_active($username) {
$username = sanitize($username);
$query = //mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '$username' AND `active` = 1");
return (//mysql_result($query, 0) == 1) ? true : false;
}
我正在拔头发,试图弄清楚如何将其转换为PDO,有人可以给我任何帮助吗?
I'm pulling my hair out trying to figure out how to convert this into PDO, can anyone give me any help?
此外,在将其转换为PDO之后.说简单的Welcome <?php $user_data['username'] ?>, Hope you enjoy your stay!消息欢迎用户,还是现在需要使用一种完全不同的方法?
Also, after I do convert it to PDO. Would it be as simple for to say welcome the user with a simple message of Welcome <?php $user_data['username'] ?>, Hope you enjoy your stay! or would I need to use a completely different method now?
提前谢谢!
推荐答案
因此,通过示例代码的外观,我得到的印象是您正从不赞成使用的mysql扩展迁移到PDO.
So by the looks of the example code I get the impression that you're migrating from the deprecated mysql extension over to PDO.
mysql扩展确实使您不寒而栗,这是因为如果您未将mysql链接资源指定为mysql_query,它将使用由mysql_connect创建的最后创建的链接资源.一旦开始使用PDO,您将必须在user_data和user_active函数中使用PDO连接.最简单的方法是在每个功能中创建一个PDO连接,这是非常重复的,根本不是一个好的解决方案,但它可以工作.
Something the mysql extension does that may be tripping you up is that if you don't specify the mysql link resource to mysql_query it uses the lastly created link resource that was created by mysql_connect. Once you move to using PDO you're going to have to have the PDO connection available in the user_data and user_active functions. The simplest approach would be to create a PDO connection in each function, it's terribly repetitive and not a good solution at all, but it works.
代码中的 sql注入漏洞也存在一些问题.除此之外,您可以编写如下功能:
There are also some issues with sql injection vulnerabilities in the code. Aside from that you could write the functions like this:
<?php
function user_data($user_id){
$data = array();
$user_id = (int)$user_id;
$func_num_args = func_num_args();
$func_get_args = func_get_args();
if ($func_num_args > 1) {
unset($func_get_args[0]);
// connect to the DB
$dsn = 'mysql:dbname=<your_db_name>;host=127.0.0.1';
$user = '<your_db_user>';
$password = '<your_db_user_password>';
$dbh = new PDO($dsn, $user, $password);
// request the data
$fields = '`' . implode('`, `', $func_get_args) . '`';
$sql = sprintf('select %s from users where user_id = ? limit 1', $fields);
$stmt = $dbh->prepare($sql);
$stmt->execute(array($userid));
$data = $stmt->fetch(PDO::FETCH_ASSOC);
return $data;
}
}
function user_active($username) {
$username = sanitize($username);
// connect to the DB
$dsn = 'mysql:dbname=<your_db_name>;host=127.0.0.1';
$user = '<your_db_user>';
$password = '<your_db_user_password>';
$dbh = new PDO($dsn, $user, $password);
$sql = 'select count(user_id) from users where username = ? and active';
$stmt = $dbh->prepare($sql);
$stmt->execute(array($username));
return $stmt->fetchColumn() == 1;
}
希望有帮助.
这篇关于从MySQL翻译的PHP PDO问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
