How to convert multiple queries from mssql_* to PDO MySQL
I have a little PHP code for a daily audit transaction. I have simplified it to get the point across.
$result = mssql_query("BEGIN TRAN");
$result = mssql_query("insert into items_history (select * from items)"); //move transaction to history
$result = mssql_query("delete from items"); //clear transaction table for new month transaction
$result = mssql_query( //get the data for used in another script
"select items_history.item_id,
items_history.item_name,
group_items.group_name
from
items_history,group_items
where group_items.id=items_history.id and
day(items_history.date_trans)=day(items_history.date_trans)-1 " // with where included
);
$result = mssql_query("update trans_control set current_day=current_day+1"); //update the system date to next day
if (!$result) {
mssql_query("ROLLBACK TRAN");
} else {
mssql_query("COMMIT TRAN");
}
mssql_close();
For some reason, this database needs to be stored online in a MySQL database. Offline, I am not much worried about security with this code. But online, it makes me think a lot about security. And now I want to convert this script to PDO MySQL. The goal is simple, with more security:
$result = q("BEGIN");
$result = q("qry1");
$result = q("qry2");
$result = q("qry3");// select with many join table and some parameter data in where like 'string','int', 'date', and maybe with "Union All" in select
$result = q("qry...");
if (!$result) {
q("ROLLBACK");
} else {
q("COMMIT");
}
If another question has the same problem as this one, I am glad to start with that, especially a simple wrapper, so I can learn how it works. Thank you in advance.
The security should be no problem as long as you use bound parameters, see www.php.net/manual/en/pdostatement.bindparam.php and http://www.php.net/manual/en/pdostatement.bindvalue.php
And for your transactions you can emulate the same thing by using these methods:
http://www.php.net/manual/en/pdo.begintransaction.php instead of your BEGIN TRAN query, http://www.php.net/manual/en/pdo.commit.php instead of COMMIT, http://www.php.net/manual/en/pdo.rollback.php instead of ROLLBACK
But if the queries are exactly the ones from your first code sample, I don't see any external parameters that could cause security issues.
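
The approach from the answer applied to the question's script, as an added example (not code from the question or the answer). The function name `runDailyAudit`, its `$day` and `$groupId` parameters, the date filter and the sample rows are assumptions; in-memory SQLite stands in for MySQL so the script runs offline.

```php
<?php
// Added example. runDailyAudit() and its parameters are hypothetical; the
// table and column names are taken from the question.
function runDailyAudit(PDO $pdo, string $day, int $groupId): array
{
    // Any failed statement throws, so no step can fail silently.
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->beginTransaction();                       // replaces "BEGIN TRAN"
    try {
        $pdo->exec('INSERT INTO items_history SELECT * FROM items');
        $pdo->exec('DELETE FROM items');
        // External values are bound, never concatenated into the SQL text.
        $stmt = $pdo->prepare(
            'SELECT h.item_id, h.item_name, g.group_name
               FROM items_history h
               JOIN group_items g ON g.id = h.id
              WHERE h.date_trans = :day AND g.id = :gid'
        );
        $stmt->bindValue(':day', $day, PDO::PARAM_STR);
        $stmt->bindValue(':gid', $groupId, PDO::PARAM_INT);
        $stmt->execute();
        $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
        $pdo->exec('UPDATE trans_control SET current_day = current_day + 1');
        $pdo->commit();                             // replaces "COMMIT TRAN"
        return $rows;
    } catch (Throwable $e) {
        if ($pdo->inTransaction()) {
            $pdo->rollBack();                       // replaces "ROLLBACK TRAN"
        }
        throw $e;
    }
}

// Constructed demo data. For MySQL use a DSN such as mysql:host=...;dbname=...
$pdo = new PDO('sqlite::memory:');
$pdo->exec('CREATE TABLE items (id INT, item_id INT, item_name TEXT, date_trans TEXT)');
$pdo->exec('CREATE TABLE items_history (id INT, item_id INT, item_name TEXT, date_trans TEXT)');
$pdo->exec('CREATE TABLE group_items (id INT, group_name TEXT)');
$pdo->exec('CREATE TABLE trans_control (current_day INT)');
$pdo->exec("INSERT INTO items VALUES (1, 10, 'pen', '2024-01-31')");
$pdo->exec("INSERT INTO group_items VALUES (1, 'stationery')");
$pdo->exec('INSERT INTO trans_control VALUES (31)');

// First call uses a normal date; the second passes a quote-laden string,
// which the bound parameter compares as plain data against date_trans.
var_dump(count(runDailyAudit($pdo, '2024-01-31', 1)));
var_dump(count(runDailyAudit($pdo, "2024-01-31' OR '1'='1", 1)));
```

On MySQL the tables must use a transactional engine such as InnoDB; otherwise `rollBack()` cannot undo the insert and delete.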