我正在为班级制作游戏,并决定在其中设置可能会被修改的管理区域。目前,这是多么我已经建立了一个数据库连接:我如何创建一个准备好的声明?
db_config.php:
<?php
defined('DB_SERVER') ? null : define('DB_SERVER', 'localhost');
defined('DB_USER') ? null : define('DB_USER', 'root');
defined('DB_PASS') ? null : define('DB_PASS', 'root');
defined('DB_NAME') ? null : define('DB_NAME', 'game');
?>
database.php中:
<?php
require_once('db_config.php');
class DatabaseConnect {
public function __construct($db_server, $db_user, $db_pass, $db_name) {
if ([email protected]$this->Connect($db_server, $db_user, $db_pass, $db_name)) {
echo 'Connection failed.';
} else if ($this->Connect($db_server, $db_user, $db_pass, $db_name)){
}
}
public function Connect($db_server, $db_user, $db_pass, $db_name) {
if (!mysqli_connect($db_server, $db_user, $db_pass, $db_name)) {
return false;
} else {
return true;
}
}
}
$connection = new DatabaseConnect(DB_SERVER, DB_USER, DB_PASS, DB_NAME);
?>
到现在为止我已经在我的查询和我以前mysql_real_escape_string
知道我不应该手动转义。我仍然在学习PHP,所以有些东西需要我花些时间来掌握。我查看了php.net准备的语句手册,但我不确定是否需要更改连接到数据库的方式。
所以基本上我问的是,如果我有这个查询(或与此有关的任何查询):
if (isset($_POST['submit'])) {
// Process the form
$id = $current_page["id"];
$menu_name = mysql_prep($_POST["menu_name"]);
$position = (int) $_POST["position"];
$visible = (int) $_POST["visible"];
$content = mysql_prep($_POST["content"]);
// validations
$required_fields = array("menu_name", "position", "visible", "content");
validate_presences($required_fields);
$fields_with_max_lengths = array("menu_name" => 30);
validate_max_lengths($fields_with_max_lengths);
if (empty($errors)) {
// Perform Update
$query = "UPDATE pages SET ";
$query .= "menu_name = '{$menu_name}', ";
$query .= "position = {$position}, ";
$query .= "visible = {$visible}, ";
$query .= "content = '{$content}' ";
$query .= "WHERE id = {$id} ";
$query .= "LIMIT 1";
$result = mysqli_query($connection, $query);
if ($result && mysqli_affected_rows($connection) == 1) {
// Success
$_SESSION["message"] = "Page updated.";
redirect_to("manage_content.php?page={$id}");
} else {
// Failure
$_SESSION["message"] = "Page update failed.";
}
}
} else {
// This is probably a GET request
} // end: if (isset($_POST['submit']))
?>
会是怎样变成一个准备好的声明?
下面是[示例](http://uk1.php.net/manual/en/mysqli-stmt.bind-param.php)。顺便说一下,使用你的'$ query'变量,你不需要重复连接来创建你的字符串 - 只需以'$ query ='开头,然后在多行写你的查询,然后用引号和半-colon。数据库引擎根本不介意额外的tabs/spaces/new-lines,并且结果是_much_更具可读性。 – halfer
(顺便说一下,小问题:我注意到你所有的问题都有一个'。 ..''省略号在标题末尾,这是不必要的,并且可能随着时间的推移调整编辑工作) – halfer
记得先搜索并阅读教程/参考文献 – user2864740