php中使用mysql需要注意

 在 PHP 5 中，在默认情况下 MySQL 支持是禁止的

 需要在 php.ini 中打开 mysql 扩展的加载

 extension_dir = "ext"   //扩展目录打开
 extension=php_mysql.dll  // 要加载的扩展

然后 会警告 

mysql_connect(): The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead in

大意是 mysql_connect（php_mysql.dll） 马上就要废弃了，待会我们会换成 打开 php_mysqli.dll

#php_mysql.dll

<?php 
mysql_connect($db_host, $db_user, $db_password); 
mysql_select_db($dn_name); 
$result = mysql_query("SELECT `name` FROM `users` WHERE `location` = '$location'");//此处很容易sql注入 
while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) 
{ 
echo $row['name']; 
} 
mysql_free_result($result); 
?> 

#另一种 php_mysqli.dll

<?php 
$mysqli = new mysqli($db_host, $db_user, $db_password, $db_name); 
$sql = "INSERT INTO `users` (id, name, gender, location) VALUES (?, ?, ?, ?)"; 
$stmt = $mysqli->prepare($sql); 
$stmt->bind_param('dsss', $source_id, $source_name, $source_gender, $source_location); 
$stmt->execute(); 
$stmt->bind_result($id, $name, $gender, $location); 
while ($stmt->fetch()) 
{ 
echo $id . $name . $gender . $location; 
} 
$stmt->close(); 
$mysqli->close(); 
?>   

则相对安全多了