問題描述

是否使用 mysqli_ 超出了這個問題的范圍.考慮使用 PDO.

Whether or not to use mysqli_ is outside the scope of this question. Consider using PDO.

需要采取哪些步驟才能將腳本從使用已棄用的mysql_ 函數(shù)轉(zhuǎn)換為mysqli_?

What steps need to be taken to convert a script from using the deprecated mysql_ functions to mysqli_?

在使用 mysqli_ 而不是 mysql 時，有什么需要做的不同嗎?

Is there anything that needs to be done differently when using mysqli_ instead of mysql?

這是一個使用 mysql_ 函數(shù)的基本腳本:

Here's a basic script using mysql_ functions:

<?php

//define host, username and password

$con = mysql_connect($host,$username,$password);
if (!$con) {
    die('Could not connect: ' . mysql_error());
}

$db_name ="db1";
mysql_select_db($dbname, $con);

$value1 = mysql_real_escape_string($input_string);

$query = 'SELECT * FROM table1 WHERE table1.col1=' . $value1 . '';
$result = mysql_query($query, $con);

while($row = mysql_fetch_assoc*$result)
{
    $col1 = $row['col1'];
    $col2 = $row['col2'];

    echo $col1 . ' ' . $col2 . '<br />';
}

mysql_close($con);
?>

推薦答案

注意: 從 mysql_ 轉(zhuǎn)換為 mysqli_ 可能不是最佳的.如果您準備將所有代碼轉(zhuǎn)換為 面向?qū)ο?

嘗試用 mysqli_ 替換 mysql_ 的所有實例并祈禱它起作用是很誘人的.你會很接近但不完全正確.

Note: Converting from mysql_ to mysqli_ may not be optimal. Consider PDO if you're prepared to convert all of your code to OOP.

It can be tempting to try to replace all instances of mysql_ with mysqli_ and pray it works. You'd be close but not quite on point.

幸運的是，mysqli_connect 與 的工作非常接近mysql_query 你可以換掉它們的函數(shù)名.

Fortunately, mysqli_connect works closely enough to mysql_query that you can just swap out their function names.

mysql_:

$con = mysql_connect($host, $username, $password);

mysqli_:

$con = mysqli_connect($host, $username, $password);

選擇數(shù)據(jù)庫

現(xiàn)在，對于mysqli_ 庫中的大多數(shù)其他函數(shù)，您需要將mysqli_select_db 數(shù)據(jù)庫連接作為其第一范圍.大多數(shù)mysqli_ 函數(shù)首先需要連接對象.

Selecting a database

Now, with most of the other functions in the mysqli_ library, you'll need to pass mysqli_select_db the database connection as its first parameter. Most of the mysqli_ functions require the connection object first.

對于這個函數(shù)，你可以切換傳遞給函數(shù)的參數(shù)的順序.如果您之前沒有向它傳遞連接對象，現(xiàn)在必須將其添加為第一個參數(shù).

For this function, you can just switch the order of the arguments you pass to the function. If you didn't pass it a connection object before, you have to add it as the first parameter now.

mysql_:

mysql_select_db($dbname, $con);

mysqli_:

mysqli_select_db($con, $dbname);

作為獎勵，您還可以將數(shù)據(jù)庫名稱作為第四個參數(shù)傳遞給 mysqli_connect - 繞過調(diào)用 mysqli_select_db 的需要.

As a bonus, you can also pass the database name as the fourth parameter to mysqli_connect - bypassing the need to call mysqli_select_db.

$con = mysqli_connect($host, $username, $password, $dbname);

清理用戶輸入

使用mysqli_real_escape_string 與mysql_real_escape_string 非常相似.您只需要將連接對象作為第一個參數(shù)傳遞.

Sanitize user input

Using mysqli_real_escape_string is very similar to mysql_real_escape_string. You just need to pass the connection object as the first parameter.

mysql_:

$value1 = mysql_real_escape_string($input_string);

mysqli_:

$value1 = mysqli_real_escape_string($con, $input_string);

非常重要:準備和運行查詢

mysql_ 函數(shù)開始被棄用的一個原因是它們無法處理準備好的語句.如果您只是將代碼轉(zhuǎn)換為 mysqli_ 而沒有采取這一重要步驟，那么您將受到 mysql_ 函數(shù)的一些最大弱點的影響.

Very Important: Preparing and Running a Query

One reason the mysql_ functions were deprecated to begin with was their inability to handle prepared statements. If you simply convert your code to mysqli_ without taking this important step, you are subject to some of the largest weaknesses of the mysql_ functions.

值得閱讀這些關(guān)于準備好的語句及其好處的文章:

It's worth reading these articles on prepared statements and their benefits:

維基百科 - 準備好的聲明

PHP.net - MySQLi 準備好的語句

注意:使用準備好的語句時，最好明確列出您嘗試查詢的每一列，而不是使用 * 符號來查詢所有列.通過這種方式，您可以確保在對 mysqli_stmt_bind_result 的調(diào)用中考慮了所有列.

Note: When using prepared statements, it's best to explicitly list each column you're attempting to query, rather than using the * notation to query all columns. This way you can ensure you've accounted for all of the columns in your call to mysqli_stmt_bind_result.

mysql_:

$query = 'SELECT * FROM table1 WHERE table1.col1=' . $value1 . '';
$result = mysql_query($query, $con);
while($row = mysql_fetch_assoc*$result)
{
    $col1 = $row['col1'];
    $col2 = $row['col2'];

    echo $col1 . ' ' . $col2 . '<br />';
}

mysqli_:

$query = 'SELECT col1,col2 FROM table1 WHERE table1.col1=?';
if ($stmt = mysqli_prepare($link, $query)) {

    /* pass parameters to query */
    mysqli_stmt_bind_param($stmt, "s", $value1);

    /* run the query on the database */
    mysqli_stmt_execute($stmt);

    /* assign variable for each column to store results in */
    mysqli_stmt_bind_result($stmt, $col1, $col2);

    /* fetch values */
    while (mysqli_stmt_fetch($stmt)) {
        /*
            on each fetch, the values for each column 
            in the results are automatically stored in 
            the variables we assigned using 
            "mysqli_stmt_bind_result"
        */
        echo $col1 . ' ' . $col2 . '<br />';
    }

    /* close statement */
    mysqli_stmt_close($stmt);
}

顯示錯誤

顯示錯誤的方式與 mysqli_ 略有不同.mysqli_error 需要連接對象作為其第一個參數(shù).但是如果連接失敗怎么辦?mysqli_ 引入了一小組不需要連接對象的函數(shù):mysqli_connect_* 函數(shù).

Showing errors

Showing errors works a little differently with mysqli_. mysqli_error requires the connection object as its first parameter. But what if the connection failed? mysqli_ introduces a small set of functions that don't require the connection object: the mysqli_connect_* functions.

mysql_:

if (!$con) {
    die('Could not connect: ' . mysql_error());
}

if (!$result) {
    die('SQL Error: ' . mysql_error());
}

mysqli_:

/* check connection error*/
if (mysqli_connect_errno()) {
    die( 'Could not connect: ' . mysqli_connect_error() );
}

/* check query error */
if ($stmt = mysqli_prepare($link, $query)) {

    // ... execute query

    if (mysqli_stmt_error($stmt)) {
        echo 'SQL Error: ' . mysqli_stmt_error($stmt);
    }
}

這篇關(guān)于如何將使用 mysql_ 函數(shù)的腳本轉(zhuǎn)換為使用 mysqli_ 函數(shù)?的文章就介紹到這了，希望我們推薦的答案對大家有所幫助，也希望大家多多支持html5模板網(wǎng)！