PDO预处理案例
来源:互联网 发布:数据服务的公司 编辑:程序博客网 时间:2024/05/01 12:57
pdo防止sql注入预处理
1.查询
- public function dologin2(){
- $dsn = "mysql:host=127.0.0.1;dbname=php7";//pdo 连接方法
- $db = new PDO($dsn, 'root', 'root');
- $name=$_POST['name'];//$name="zhangsan' or 'a' ='a"
- $pwd=$_POST['pwd'];
- /*
- $count = $db->exec("insert into pdo1(name,pwd) value('$name','$pwd')");
- echo $count;
- */
- $sql="SELECT * FROM pdo1 where name='$name' and pwd='$pwd'";
- $sql="select * from pdo1 where name = ? and pwd = ?";
- $stmt = $db->prepare($sql);
- $exeres = $stmt->execute(array($name,$pwd));
- if ($exeres) {
- while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
- setcookie('name',$name);
- redirect("welcome/asdf");
- }
- }
-
- }
2.添加- <?php
- header("content-type:text/html;charset=utf-8");
- $ch = curl_init();
- $url ='http://apis.baidu.com/apistore/iplookupservice/iplookup?ip=117.89.65.68';
- $header = array(
- 'apikey: 10d4752cc594de7808c253fccd754832',
- );
- curl_setopt($ch, CURLOPT_HTTPHEADER , $header);
- curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
- curl_setopt($ch , CURLOPT_URL , $url);
- $res = curl_exec($ch);
- $arr=json_decode($res,true);
- //print_r($json);die;
- $dsn = "mysql:host=localhost;dbname=php7";
- $pdo=new PDO($dsn,'root','root',array(PDO::MYSQL_ATTR_INIT_COMMAND=>'set names utf8'));
- $stmt=$pdo->prepare("insert into day15(ip,country,city,district,carrier,province)values(:ip,:co,:ci,:di,:ca,:pr)");
- $stmt->bindparam("ip",$arr['retData']['ip']);
- $stmt->bindparam("co",$arr['retData']['country']);
- $stmt->bindparam("ci",$arr['retData']['city']);
- $stmt->bindparam("di",$arr['retData']['district']);
- $stmt->bindparam("ca",$arr['retData']['carrier']);
- $stmt->bindparam("pr",$arr['retData']['province']);
- if($stmt->execute()){
- echo "执行成功";
- echo "最后插入的ID:".$pdo->lastInsertId();
- }else{
- echo "执行失败";
- }
- ?>
0 0