I'm just editing my search script after reading up on SQL injection attacks. I'm trying to get the same functionality out of my script using PDO instead of a regular mysql connection. So I've been reading other posts about PDO but am unsure. Will these two scripts give the same functionality?
With PDO:
$pdo = new PDO('mysql:host=$host; dbname=$database;', $user, $pass);
$stmt = $pdo->prepare('SELECT * FROM auction WHERE name = :name');
$stmt->bindParam(':name', $_GET['searchdivebay']);
$stmt->execute(array(':name' => $name);
With regular mysql:
$dbhost = @mysql_connect($host, $user, $pass) or die('Unable to connect to server');
@mysql_select_db('divebay') or die('Unable to select database');
$search = $_GET['searchdivebay'];
$query = trim($search);
$sql = "SELECT * FROM auction WHERE name LIKE '%" . $query . "%'";
if(!isset($query)){
echo 'Your search was invalid';
exit;
} //line 18
$result = mysql_query($trim);
$numrows = mysql_num_rows($result);
mysql_close($dbhost);
I go on with the regular example to use
while($i < $numrows){
$row = mysql_fetch_array($result);
to create an array of matching results from the database. How do I do this with PDO?
question from:
https://stackoverflow.com/questions/10911757/how-to-use-pdo-to-fetch-results-array-in-php 与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…