
The mysqli class

(PHP 5, PHP 7)


Represents a connection between PHP and a MySQL database.

Class synopsis

mysqli {
/* Properties */
string $client_info;
int $errno;
string $error;
int $client_version;
string $host_info;
string $server_info;
string $info;
string $sqlstate;
/* Methods */
__construct ([ string $host = ini_get("mysqli.default_host") [, string $username = ini_get("mysqli.default_user") [, string $passwd = ini_get("mysqli.default_pw") [, string $dbname = "" [, int $port = ini_get("mysqli.default_port") [, string $socket = ini_get("mysqli.default_socket") ]]]]]] )
bool autocommit ( bool $mode )
bool change_user ( string $user , string $password , string $database )
string character_set_name ( void )
bool close ( void )
bool commit ([ int $flags [, string $name ]] )
bool debug ( string $message )
bool dump_debug_info ( void )
object get_charset ( void )
string get_client_info ( void )
bool get_connection_stats ( void )
mysqli_warning get_warnings ( void )
mysqli init ( void )
bool kill ( int $processid )
bool more_results ( void )
bool multi_query ( string $query )
bool next_result ( void )
bool options ( int $option , mixed $value )
bool ping ( void )
public static int poll ( array &$read , array &$error , array &$reject , int $sec [, int $usec ] )
mysqli_stmt prepare ( string $query )
mixed query ( string $query [, int $resultmode = MYSQLI_STORE_RESULT ] )
bool real_connect ([ string $host [, string $username [, string $passwd [, string $dbname [, int $port [, string $socket [, int $flags ]]]]]]] )
string escape_string ( string $escapestr )
bool real_query ( string $query )
public mysqli_result reap_async_query ( void )
public bool refresh ( int $options )
bool rollback ([ int $flags [, string $name ]] )
int rpl_query_type ( string $query )
bool select_db ( string $dbname )
bool send_query ( string $query )
bool set_charset ( string $charset )
bool set_local_infile_handler ( mysqli $link , callable $read_func )
bool ssl_set ( string $key , string $cert , string $ca , string $capath , string $cipher )
string stat ( void )
mysqli_stmt stmt_init ( void )
mysqli_result store_result ([ int $option ] )
mysqli_result use_result ( void )
}



User Contributed Notes 1 note

Vasiliy Makogon
14 hours ago
The main drawbacks of all libraries for working with the database in PHP are:

1. Verbosity

    To prevent SQL injection, developers have two ways:

        - Use prepared requests.
        - Manually escape parameters going into the body of an SQL query. String parameters are run through mysqli_real_escape_string(), and the expected numeric parameters are cast to the corresponding types - int and float.

    Both approaches have enormous disadvantages:

        - Prepared queries are awfully verbose. Using the PDO abstraction or the mysqli extension "out of the box", without aggregating all the methods for getting data from the DBMS, is simply impossible - to get a value from a table you need to write a minimum of 5 lines of code! And so for every request!
        - Manual screening of parameters going to the body of an SQL query is not even discussed. A good programmer is a lazy programmer. Everything should be as automated as possible.

2. Inability to get the SQL query for debugging

    To understand why the SQL query does not work in the program, it needs to be debugged - to find either a logical or a syntactic error. To find the error, it is necessary to "see" the SQL query itself, to which the database was "bent", with parameters set in its body. That is, to have fully formed SQL.
    If the developer uses PDO with prepared requests, then this is ... IMPOSSIBLE! No maximally convenient mechanisms for this are PROVIDED in the native libraries. It remains either to pervert, or to climb into the database log.

Solution: Database - class for working with MySql -

     Eliminates the verbosity - instead of 3 or more lines of code for execution of one query when using the "native" library, you write only 1!
     Shields all parameters going to the body of the request, according to the specified type of placeholders - reliable protection against SQL injections.
     It does not replace the functionality of the "native" mysqli adapter, but simply complements it.

What are placeholders?

Placeholders are special typed markers that are written in the SQL query string instead of explicit values (query parameters). And the values themselves are passed "later", as subsequent arguments to the main method that executes the SQL query:

// Connect to the DBMS and get the Database_Mysql object
// Database_Mysql - "wrapper" over the "native" mysqli object
$db = Database_Mysql::create("localhost", "root", "password")
    // Select the database
    ->setDatabaseName("test")
    // Select the character set
    ->setCharset("utf8");

// Get the result object Database_Mysql_Statement
// Database_Mysql_Statement - "wrapper" over the "native" object mysqli_result
$result = $db->query("SELECT * FROM `users` WHERE `name` = '?s' AND `age` = ?i", "Basil", 30);

// Get the data (in the form of an associative array, for example)
$data = $result->fetch_assoc();

// Does the query not work? No problem - print it out:
echo $db->getQueryString();

SQL query parameters passed through the placeholders system are processed by special screening functions, depending on the type of placeholders.

More information see on
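
An added example, not part of the note above or of the PHP manual: a small helper over the mysqli class's own prepare() that keeps server-side prepared statements while reducing each query to one call at the call site. The function name select_all, the credentials and the temporary table are assumptions made for illustration; it needs PHP 7+ with mysqlnd and a reachable MySQL server.

```php
<?php
// Added example. Assumptions: PHP 7+, mysqlnd (needed for get_result()),
// a local MySQL server, and the placeholder credentials / `test` database below.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on any mysqli error

/**
 * Hypothetical helper: run one parameterised SELECT and return all rows.
 * $types uses the bind_param() codes: i = int, d = double, s = string, b = blob.
 */
function select_all(mysqli $db, string $sql, string $types = '', ...$params): array
{
    $stmt = $db->prepare($sql);                // SQL text is parsed by the server first
    if ($types !== '') {
        $stmt->bind_param($types, ...$params); // values are sent separately from the SQL
    }
    $stmt->execute();
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
    $stmt->close();
    return $rows;
}

$db = new mysqli('localhost', 'app_user', 'app_password', 'test');
$db->set_charset('utf8mb4'); // set the connection charset explicitly

// Constructed sample data in a session-local temporary table.
$db->query('CREATE TEMPORARY TABLE users (name VARCHAR(64), age INT)');
$db->query("INSERT INTO users VALUES ('Basil', 30), ('O''Brien', 41)");

// One call per query; the caller does no quoting or escaping.
$rows = select_all(
    $db,
    'SELECT name, age FROM users WHERE name = ? AND age = ?',
    'si',
    "O'Brien",
    41
);
var_dump($rows);

// Constructed input containing quote characters: it is compared as a literal
// string, so it cannot change the structure of the statement.
$none = select_all($db, 'SELECT name FROM users WHERE name = ?', 's', "x' OR '1'='1");
var_dump(count($none));

$db->close();
```

Because the placeholder is never wrapped in quotes by the caller, a forgotten or mistyped quote around a marker cannot turn a value into SQL.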