我的问题是关于性能和脚本优化。我对 PHP 相当陌生,我有如下内容:
$Connection = new mysqli($Server, $DBUsername, $DBPassword, $DBName);
$Connection->query("UPDATE Basket SET Apples='$Apples', Oranges='$Oranges', Bananas='$Bananas' WHERE BasketName='$BasketName'");
$Connection->query("UPDATE Bag SET Napkins='$Napkins' WHERE BagName='$BagName'");
$Connection->query("UPDATE Drinks SET Water='$Water' WHERE DrinksName='$DrinksName'");
我可以有多个 $Connection->query,每个表一个,还是有更好的方法可以更快地编写它?
最佳答案
首先,您的代码容易受到 SQL injection 的攻击。您应该尽快切换到准备好的语句。
使用 mysqli_real_escape_string 不足以防止 SQL 注入(inject)。参见 Is “mysqli_real_escape_string” enough to avoid SQL injection or other SQL attacks?
安example准备好的声明:
<?php
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "myDB";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
// prepare and bind
$stmt = $conn->prepare("INSERT INTO MyGuests (firstname, lastname, email) VALUES (?, ?, ?)");
$stmt->bind_param("sss", $firstname, $lastname, $email);
// set parameters and execute
$firstname = "John";
$lastname = "Doe";
$email = "john@example.com";
$stmt->execute();
回答你原来的问题。您可以使用 mysqli::multi_query 。我个人认为,如果将查询拆分为每个查询,它会更清晰。
关于PHP/MySQL 多个查询可以吗?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/50133820/