在 OOP 中使用哪个更安全? [英] Which one is safer to use in OOP?
本文介绍了在 OOP 中使用哪个更安全?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我在学习PDO with OOP的时候学到了这2种方法,请问哪个更安全?绑定我们使用的所有东西还是只使用?并执行它.
I learned these 2 methods in PDO with OOP when I study it and I would like to ask which is safer to use? binding everything we used or just using ? and execute it.
1:
public function query($query) {
$this->stmt = $this->dbh->prepare($query);
}
public function bind($param, $value, $type = null) {
if (is_null($type)) {
switch(true){
case is_int($value):
$type = PDO::PARAM_INT;
break;
case is_bool($value):
$type = PDO::PARAM_BOOL;
break;
case is_null($value):
$type = PDO::PARAM_NULL;
break;
default:
$type = PDO::PARAM_STR;
}
}
$this->stmt->bindValue($param, $value, $type);
}
public function execute(){
return $this->stmt->execute();
}
public function lastInsertId(){
$this->dbh->lastInsertId();
}
或 2:
public function insertRow($query, $params = []){
try {
$stmt = $this->datab->prepare($query);
$stmt->execute($params);
return TRUE;
} catch (PDOException $e) {
throw new Exception($e->getMessage());
}
}
推荐答案
你可以同时使用两者,但使用 bind 最好用类型编写所有类型而不是使用 switch 并使其简短,你可以使用 2.
you can use both but using bind it could be better with writing all with types instead using switch and to make it short you can use 2.
public function query($query, $params = []){
global $datab
$stmt = $datab->prepare($query);
$stmt->execute($params);
return $stmt;
}
这篇关于在 OOP 中使用哪个更安全?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
