开发者

Using PDO to create a mysql query function, wont insert rows

问答 作者:

Trying to get a grasp of using PDO, and I'm using some pre-made functions to make things simpler for when I want to do a query. First one connects, second runs the query.

Unfortunately it won't let me INSERT rows using dbquery(). SELECT works fine, just can't seem to get anything else to work.

Here's the code:

function dbConnect() 
  {
  global $dbh;

  $dbInfo['database_target'] = "localhost";
  $dbInfo['database_name'] = "mysqltester";
  $dbInfo['username'] = "root";
  $dbInfo['password'] = "password";

  $dbConnString = "mysql:host=" . $dbInfo['database_target'] . "; dbname=" . $dbInfo['database_name'];
  $dbh = new PDO($dbConnString, $dbInfo['username'], $dbInfo['password']);
  $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
  $error = $dbh->errorInfo();

  if($error[0] != "") 
    {
    print "<p>DATABASE CONNECTION ERROR:</p>";
    print_r($error);
    }
  }

function dbQuery($queryString) 
  {
  global $dbh;

  $query = $dbh->query($queryString);
  $i = 0;

  foreach ($query as $query2) 
    {
    $queryReturn[$i] = $query2;
    $i++;
    }

  if($i > 1) 
    {
    return $queryReturn;
    }
    else
    {
    return $queryReturn[0];
开发者_如何学Python    }
  }

PDO::query Only works with queries that return a result set (e.g. SELECT)

For INSERT/UPDATE/DELETE see PDO::exec

If you are going to be inserting user provided data into your DBMS I strongly suggest using the prepared statement functionality of PDO to provide automatic escaping to prevent SQL injection.

e.g.

<?php
$stmt = $dbh->prepare("INSERT INTO tester1 (name, age) VALUES (?, ?)");
$stmt->execute(array('James',25));

See PDO::prepare and PDOStatement::execute

继续阅读:pdophp

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9