我们都知道mysql在phpv7.0中已经被删除了,我尝试使用pdo来获取数据(服务器端),使用datatables,使用下面的示例,但是mysql中需要pdo:code:
柱:
/* Array of database columns which should be read and sent back to DataTables. Use a space where
* you want to insert a non-database field (for example a counter or static image)
*/
$aColumns = array( 'first_name', 'last_name', 'position', 'office', 'salary' );
/* Indexed column (used for fast and accurate table cardinality) */
$sIndexColumn = "id";
/* DB table to use */
$sTable = "datatables_demo";正在创建pdo连接:
$db_host = "localhost";
$db_name = "sadad";
$db_user = "root";
$db_pass = "root";
try{
$db_con = new PDO("mysql:host={$db_host};dbname={$db_name}",$db_user,$db_pass);
$db_con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
}
catch(PDOException $e){
echo $e->getMessage();
}以下代码:
$sLimit = "";
if ( isset( $_GET['iDisplayStart'] ) && $_GET['iDisplayLength'] != '-1' )
{
$sLimit = "LIMIT ".$db_con->quote( $_GET['iDisplayStart'] ).", ".
$db_con->quote( $_GET['iDisplayLength'] );
}
/*
* Ordering
*/
if ( isset( $_GET['iSortCol_0'] ) )
{
$sOrder = "ORDER BY ";
for ( $i=0 ; $i<intval( $_GET['iSortingCols'] ) ; $i++ )
{
if ( $_GET[ 'bSortable_'.intval($_GET['iSortCol_'.$i]) ] == "true" )
{
$sOrder .= $aColumns[ intval( $_GET['iSortCol_'.$i] ) ]."
".$db_con->quote( $_GET['sSortDir_'.$i] ) .", ";
}
}
$sOrder = substr_replace( $sOrder, "", -2 );
if ( $sOrder == "ORDER BY" )
{
$sOrder = "";
}
}
/*
* Filtering
* NOTE this does not match the built-in DataTables filtering which does it
* word by word on any field. It's possible to do here, but concerned about efficiency
* on very large tables, and MySQL's regex functionality is very limited
*/
$sWhere = "";
if ( $_GET['sSearch'] != "" )
{
$sWhere = "WHERE (";
for ( $i=0 ; $i<count($aColumns) ; $i++ )
{
$sWhere .= $aColumns[$i]." LIKE '%".$db_con->quote( $_GET['sSearch'] )."%' OR ";
}
$sWhere = substr_replace( $sWhere, "", -3 );
$sWhere .= ')';
}
/* Individual column filtering */
for ( $i=0 ; $i<count($aColumns) ; $i++ )
{
if ( $_GET['bSearchable_'.$i] == "true" && $_GET['sSearch_'.$i] != '' )
{
if ( $sWhere == "" )
{
$sWhere = "WHERE ";
}
else
{
$sWhere .= " AND ";
}
$sWhere .= $aColumns[$i]." LIKE '%".$db_con->quote($_GET['sSearch_'.$i])."%' ";
}
}
$my = str_replace(" , ", " ", implode(", ", $aColumns));
/*
* SQL queries
* Get data to display
*/
$sQuery = $db_con->query("SELECT {$my} FROM {$sTable} {$sWhere} {$sOrder} {$sLimit}")->fetchAll();
//$rResult = ( $sQuery );
/* Data set length after filtering */
$sQuery = "
SELECT FOUND_ROWS()
";
//$rResultFilterTotal = $sQuery;
$aResultFilterTotal = $sQuery;
$iFilteredTotal = $aResultFilterTotal[0];
/* Total data set length */
$sQuery = "
SELECT COUNT(".$sIndexColumn.")
FROM $sTable
";
$rResultTotal = $db_con->query( $sQuery ) or die(mysql_error());
$aResultTotal = $rResultTotal->fetchAll();
$iTotal = $aResultTotal[0];
/*
* Output
*/
$output = array(
"sEcho" => intval($_GET['sEcho']),
"iTotalRecords" => $iTotal,
"iTotalDisplayRecords" => $iFilteredTotal,
"aaData" => array()
);
while ( $aRow = $rResult->fetchAll() )
{
$row = array();
for ( $i=0 ; $i<count($aColumns) ; $i++ )
{
if ( $aColumns[$i] == "version" )
{
/* Special output formatting for 'version' column */
$row[] = ($aRow[ $aColumns[$i] ]=="0") ? '-' : $aRow[ $aColumns[$i] ];
}
else if ( $aColumns[$i] != ' ' )
{
/* General output */
$row[] = $aRow[ $aColumns[$i] ];
}
}
$output['aaData'][] = $row;
}
echo json_encode( $output );错误:但我得到的错误,我不知道什么改变在上面,开始在pdo,一个更新的答案与代码将不胜感激:
更新的代码现在收到以下错误
[28-Aug-2018 16:58:39 UTC] PHP Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''asc' LIMIT '0', '50'' at line 2' in C:\MAMP\htdocs\backend\my.php:131
Stack trace:
# 0 C:\MAMP\htdocs\backend\my.php(131): PDO->query('SELECT first_na...')
# 1 {main}
thrown in C:\MAMP\htdocs\backend\my.php on line 131
**ERROR:**
1条答案
按热度按时间ymdaylpp1#
我看到一个问题:
这个
PDO::quote()函数的输出与旧的已弃用函数的输出不同mysql_real_escape_string()功能。假设您的字符串是“o'reilly”,您需要转义撇号字符。
mysql_real_escape_string("O'Reilly")将返回:鉴于
$db_con->quote("O'Reilly")将返回:函数的作用是:在字符串的开头和结尾添加字符串分隔符。这使得它的工作原理与mysql内置函数quote()相同
所以当你使用
PDO::quote()你这样做:生成的sql子句如下所示:
这是行不通的。你需要:
一种解决方案是添加
%通配符,然后引用结果:现在它利用了
PDO::quote()添加字符串分隔符。顺便说一下,我发现
.字符串串联使php看起来很糟糕。编写代码很难,阅读和调试代码也很难。我更喜欢直接在字符串中使用变量。不要害怕用两行代码来完成这项工作。对于代码可读性来说,在一行中塞进太多东西并不总是最好的。但还有另一种方法更简单更安全。
使用查询参数而不是转义/引用。
后来。。。
使用参数比使用转义/引用更简单。你不必纠结于你的引号是否正确平衡,因为参数占位符
?它周围不需要字符串分隔符。如果您正在学习pdo,我建议您阅读:
https://phpdelusions.net/pdo -很好的教程。
http://php.net/pdo -参考文件。
两者都是重要和有用的。参考文档不适合学习,但是在你完成教程之后,它们很有用,可以提醒自己语法、参数、返回值等。我做了大量的pdo编码,但是我经常打开参考文档。