Warning: file_get_contents(/data/phpspider/zhask/data//catemap/1/php/278.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181

Warning: file_get_contents(/data/phpspider/zhask/data//catemap/8/mysql/56.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
PHP/MySQL多个查询可以吗?_Php_Mysql - Fatal编程技术网
Fatal编程技术网
  • php/
  • PHP/MySQL多个查询可以吗?

PHP/MySQL多个查询可以吗?

php mysql

PHP/MySQL多个查询可以吗?,php,mysql,Php,Mysql,我的问题是关于性能和脚本优化。我对PHP相当陌生,我有以下几点: $Connection = new mysqli($Server, $DBUsername, $DBPassword, $DBName); $Connection->query("UPDATE Basket SET Apples='$Apples', Oranges='$Oranges', Bananas='$Bananas' WHERE BasketName='$BasketName'"); $Connection-&g

我的问题是关于性能和脚本优化。我对PHP相当陌生,我有以下几点:

$Connection = new mysqli($Server, $DBUsername, $DBPassword, $DBName);
$Connection->query("UPDATE Basket SET Apples='$Apples', Oranges='$Oranges', Bananas='$Bananas' WHERE BasketName='$BasketName'"); 
$Connection->query("UPDATE Bag SET Napkins='$Napkins' WHERE BagName='$BagName'");
$Connection->query("UPDATE Drinks SET Water='$Water' WHERE DrinksName='$DrinksName'");
我有多个$Connection->query,每个表一个,这样可以吗?还是有更好的方法可以更快地编写此命令?

首先,您的代码容易受到攻击。您应该尽快切换到准备好的报表

使用mysqli\u real\u escape\u字符串不足以阻止SQL注入。看

准备好的声明的一部分:

<?php
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "myDB";

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);

// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

// prepare and bind
$stmt = $conn->prepare("INSERT INTO MyGuests (firstname, lastname, email) VALUES (?, ?, ?)");
$stmt->bind_param("sss", $firstname, $lastname, $email);

// set parameters and execute
$firstname = "John";
$lastname = "Doe";
$email = "john@example.com";
$stmt->execute();

首先,您的代码容易受到攻击。您应该尽快切换到准备好的报表

使用mysqli\u real\u escape\u字符串不足以阻止SQL注入。看

准备好的声明的一部分:


<?php
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "myDB";

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);

// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

// prepare and bind
$stmt = $conn->prepare("INSERT INTO MyGuests (firstname, lastname, email) VALUES (?, ?, ?)");
$stmt->bind_param("sss", $firstname, $lastname, $email);

// set parameters and execute
$firstname = "John";
$lastname = "Doe";
$email = "john@example.com";
$stmt->execute();



您可以使用多重查询,并且在进行多重查询时,使用准备好的语句。您对sql注入开放。您能给我一个示例来说明您的意思吗?我从URL获取变量,并使用以下内容来防止sql注入:$BasketName=mysqli\u real\u escape\u string($Connection,$\u GET['BasketName']);这还不够吗?您可以使用多重查询,在进行查询时,使用准备好的语句。您对sql注入开放。您能给我一个示例来说明您的意思吗?我从URL获取变量,并使用以下内容来防止sql注入:$BasketName=mysqli\u real\u escape\u string($Connection,$\u GET['BasketName']);这还不够吗?np:)将删除prev comment np:)将删除prev comment