PDO预处理案例

pdo防止sql注入预处理

1.查询

 public function dologin2(){
     $dsn = "mysql:host=127.0.0.1;dbname=php7";//pdo 连接方法
     $db = new PDO($dsn, 'root', 'root');
     $name=$_POST['name'];//$name="zhangsan' or 'a' ='a"
     $pwd=$_POST['pwd'];
     /*
     $count = $db->exec("insert into pdo1(name,pwd) value('$name','$pwd')");
     echo $count;
     */
     $sql="SELECT * FROM pdo1 where name='$name' and pwd='$pwd'";
     $sql="select * from pdo1 where name = ? and pwd = ?";
     $stmt = $db->prepare($sql);
     $exeres = $stmt->execute(array($name,$pwd));
     if ($exeres) {
         while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
             setcookie('name',$name);
             redirect("welcome/asdf");
         }
     }

 }

2.添加

 <?php
     header("content-type:text/html;charset=utf-8");
     $ch = curl_init();
     $url ='http://apis.baidu.com/apistore/iplookupservice/iplookup?ip=117.89.65.68';
     $header = array(
         'apikey: 10d4752cc594de7808c253fccd754832',
     );
     curl_setopt($ch, CURLOPT_HTTPHEADER  , $header);
     curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
     curl_setopt($ch , CURLOPT_URL , $url);
     $res = curl_exec($ch);
     $arr=json_decode($res,true);
     //print_r($json);die;
     $dsn = "mysql:host=localhost;dbname=php7";
     $pdo=new PDO($dsn,'root','root',array(PDO::MYSQL_ATTR_INIT_COMMAND=>'set names utf8'));
     $stmt=$pdo->prepare("insert into day15(ip,country,city,district,carrier,province)values(:ip,:co,:ci,:di,:ca,:pr)");
     $stmt->bindparam("ip",$arr['retData']['ip']);
     $stmt->bindparam("co",$arr['retData']['country']);
     $stmt->bindparam("ci",$arr['retData']['city']);
     $stmt->bindparam("di",$arr['retData']['district']);
     $stmt->bindparam("ca",$arr['retData']['carrier']);
     $stmt->bindparam("pr",$arr['retData']['province']);
     if($stmt->execute()){
         echo "执行成功";
         echo "最后插入的ID:".$pdo->lastInsertId();
     }else{
         echo "执行失败";
     }
 ?>