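php – PDO support for multiple queries (PDO_MYSQL, PDO_MYSQLND)

I know that PDO does not support executing multiple queries in one statement. I've been Googling and found a few posts talking about PDO_MYSQL and PDO_MYSQLND.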

PDO_MySQL is a more dangerous
application than any other traditional
MySQL applications. Traditional MySQL
allows only a single SQL query. In
PDO_MySQL there is no such limitation,
but you risk to be injected with
multiple queries.

From: Protection against SQL Injection using PDO and Zend Framework (June 2010; by Julian)

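It seems that PDO_MYSQL and PDO_MYSQLND do provide support for multiple queries, but I can't find more information about them. Were these projects discontinued? Is there any way now to run multiple queries using PDO?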

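As far as I know, PDO_MYSQLND replaced PDO_MYSQL in PHP 5.3. The confusing part is that the name is still PDO_MYSQL. So now ND is the default driver for MySQL PDO.

Overall, to execute multiple queries at once you need:

- PHP 5.3
- mysqlnd
- Emulated prepared statements. Make sure PDO::ATTR_EMULATE_PREPARES is set to 1 (the default). Alternatively, you can avoid using prepared statements and use $pdo->exec directly.

Using exec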

$db = new PDO("mysql:host=localhost;dbname=test", 'root', '');

// works regardless of statements emulation
$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, 0);

$sql = "
DELETE FROM car; 
INSERT INTO car(name, type) VALUES ('car1', 'coupe'); 
INSERT INTO car(name, type) VALUES ('car2', 'coupe');
";

try {
    $db->exec($sql);
}
catch (PDOException $e)
{
    echo $e->getMessage();
    die();
}

Using statements

$db = new PDO("mysql:host=localhost;dbname=test", 'root', '');

// does not work with the following set to 0. You can comment this line out, as 1 is the default
$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, 1);

$sql = "
DELETE FROM car; 
INSERT INTO car(name, type) VALUES ('car1', 'coupe'); 
INSERT INTO car(name, type) VALUES ('car2', 'coupe');
";

try {
    $stmt = $db->prepare($sql);
    $stmt->execute();
}
catch (PDOException $e)
{
    echo $e->getMessage();
    die();
}

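A note:

When using emulated prepared statements, make sure you have set the proper encoding (one that reflects the actual data encoding) in the DSN (available since 5.3.6). Otherwise there can be a slight possibility for SQL injection if some odd encoding is used.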
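
For code that never needs to send several statements in one call, the multi-query behaviour described above can be switched off per connection. The following is an added example, not part of the original question or answer; it assumes PHP 7.1 or later, the function name hardened_pdo is hypothetical, and the host, database and credentials are the same placeholders used above.

```php
<?php
// Added example (not from the original answer). hardened_pdo() is a
// hypothetical helper; the `car` table is the one used in the answer above.

function hardened_pdo(string $host, string $db, string $user, string $pass): PDO
{
    // charset in the DSN (PHP >= 5.3.6) so client and server agree on encoding
    $dsn = "mysql:host={$host};dbname={$db};charset=utf8mb4";

    return new PDO($dsn, $user, $pass, [
        // Must be passed to the constructor: it controls a connection flag
        // and has no effect when set later with setAttribute().
        PDO::MYSQL_ATTR_MULTI_STATEMENTS => false, // PHP >= 5.5.21 / 5.6.5
        PDO::ATTR_EMULATE_PREPARES       => false, // server-side prepares
        PDO::ATTR_ERRMODE                => PDO::ERRMODE_EXCEPTION,
    ]);
}

$db = hardened_pdo('localhost', 'test', 'root', '');

// 1. A stacked query is now rejected by the server as a syntax error.
try {
    $db->exec("DELETE FROM car; INSERT INTO car(name, type) VALUES ('car1', 'coupe')");
    echo "multi-statement exec unexpectedly succeeded\n";
} catch (PDOException $e) {
    echo "stacked query rejected: ", $e->getMessage(), "\n";
}

// 2. Statements that belong together: send them one at a time in a
//    transaction, with values bound as parameters.
$db->beginTransaction();
try {
    $db->exec('DELETE FROM car');
    $ins = $db->prepare('INSERT INTO car(name, type) VALUES (:name, :type)');
    foreach ([['car1', 'coupe'], ['car2', 'coupe']] as [$name, $type]) {
        $ins->execute([':name' => $name, ':type' => $type]);
    }
    $db->commit();
} catch (PDOException $e) {
    $db->rollBack();
    throw $e;
}
```

The rollback only undoes the DELETE on a transactional storage engine such as InnoDB.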

http://stackoverflow.com/questions/6346674/pdo-support-for-multiple-queries-pdo-mysql-pdo-mysqlnd
