pdo预处理案例
pdo防止sql注入预处理
1.查询
public function dologin2(){
$dsn = "mysql:host=127.0.0.1;dbname=php7";//pdo 连接方法
$db = new PDO($dsn, 'root', 'root');
$name=$_POST['name'];//$name="zhangsan' or 'a' ='a"
$pwd=$_POST['pwd'];
/*
$count = $db->exec("insert into pdo1(name,pwd) value('$name','$pwd')");
echo $count;
*/
$sql="SELECT * FROM pdo1 where name='$name' and pwd='$pwd'";
$sql="select * from pdo1 where name = ? and pwd = ?";
$stmt = $db->prepare($sql);
$exeres = $stmt->execute(array($name,$pwd));
if ($exeres) {
while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
setcookie('name',$name);
redirect("welcome/asdf");
}
}
}
2.添加
<?php
header("content-type:text/html;charset=utf-8");
$ch = curl_init();
$url ='http://apis.baidu.com/apistore/iplookupservice/iplookup?ip=117.89.65.68';
$header = array(
'apikey: 10d4752cc594de7808c253fccd754832',
);
curl_setopt($ch, CURLOPT_HTTPHEADER , $header);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch , CURLOPT_URL , $url);
$res = curl_exec($ch);
$arr=json_decode($res,true);
//print_r($json);die;
$dsn = "mysql:host=localhost;dbname=php7";
$pdo=new PDO($dsn,'root','root',array(PDO::MYSQL_ATTR_INIT_COMMAND=>'set names utf8'));
$stmt=$pdo->prepare("insert into day15(ip,country,city,district,carrier,province)values(:ip,:co,:ci,:di,:ca,:pr)");
$stmt->bindparam("ip",$arr['retData']['ip']);
$stmt->bindparam("co",$arr['retData']['country']);
$stmt->bindparam("ci",$arr['retData']['city']);
$stmt->bindparam("di",$arr['retData']['district']);
$stmt->bindparam("ca",$arr['retData']['carrier']);
$stmt->bindparam("pr",$arr['retData']['province']);
if($stmt->execute()){
echo "执行成功";
echo "最后插入的ID:".$pdo->lastInsertId();
}else{
echo "执行失败";
}
?>