What are the safest ways to connect to a database with PHP? [duplicate]

Time: 2022-10-17 22:04:00

This question already has an answer here:

I'm still new to PHP and MYSQL and I'm trying to learn both with modern coding techniques. All the stuff I find online seems to be outdated.

Can anybody suggest anything for me? I am also curious if the below code is outdated? If it is indeed outdated, can you suggest newer and safer methods?

<?php
    $connection = mysql_connect("localhost", "root", "");
    if (!$connection) {
        die("Oops, error happened: " . mysql_error());
    }
?>

5 solutions

#1


10  

Use PDO functions.

Database Connection Using PDO:

$conn = new PDO('mysql:host=localhost;dbname=myDatabase', $username, $password);

#2


4  

safest ways to connect to a database with PHP

If you are looking for the safe methods you actually need to fireproof your queries from injections. MySQL extension is going to be deprecated soon, it does not mean it's not safe now, it's just the case that community dropped further development for the extension.

You can try both PDO and mysqli for your database queries, both are good.

Your choice should depend upon your database selection -

PDO supports around 12 different drivers, while MySQLi supports MySQL only.

List of PDO drivers available

CUBRID (PDO)
MS SQL Server (PDO)
Firebird/Interbase (PDO)
IBM (PDO)
Informix (PDO)
MySQL (PDO)
MS SQL Server (PDO)
Oracle (PDO)
ODBC and DB2 (PDO)
PostgreSQL (PDO)
SQLite (PDO)
4D (PDO) 

Source - pdo-drivers-in-php

API support

PDO and MySQLi both offer an object-oriented API, but MySQLi also offers a procedural API.

#3


3  

Yes, your code is outdated, and mysql_connect, mysql_query etc. will be deleted soon.

There are basically two options to use: (without installing 3rd party applications)

Take a look at http://php.net/manual/en/book.pdo.php

OR

use Mysqli http://php.net/manual/en/book.mysqli.php

#4


2  

When accessing a database in PHP, we now have two choices: MySQLi and PDO.

To choose which one you want to use take a look here!

And if you want to know why you shouldn't use mysql_* then take a look at this post!

#5


0  

First of all:

Yes, the line is outdated.

You can instead use mysqli_* functions, which have a very similar use to mysql_.

Secondly, if you know something about object-oriented programming, you can use PDO, as suggested in the other answers.

The last thing to mention is to never ever show an error message to the user. He doesn't need to know that something went wrong, and he doesn't need to know WHAT went wrong. So never die() with an error message.
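
An added example, not part of any answer above: a PDO connection that keeps error details out of the response (the point of answer #5) and a prepared statement that keeps user input out of the SQL text (the injection point in answer #2). `db_connect` and `find_user` are hypothetical names, the `users` table is constructed sample data, and the demo uses in-memory SQLite (requires the pdo_sqlite extension) so it runs without a server.

```php
<?php
declare(strict_types=1);

// Added example. Helper names are hypothetical; DSN and data are placeholders.
function db_connect(string $dsn, ?string $user = null, ?string $pass = null): ?PDO
{
    $options = [
        // Report failures as exceptions so they can be caught and logged.
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    ];
    if (strncmp($dsn, 'mysql:', 6) === 0) {
        // Use server-side prepared statements instead of client-side emulation.
        $options[PDO::ATTR_EMULATE_PREPARES] = false;
    }
    try {
        return new PDO($dsn, $user, $pass, $options);
    } catch (PDOException $e) {
        // Details go to the server log only; the caller shows a generic message.
        error_log('DB connection failed: ' . $e->getMessage());
        return null;
    }
}

function find_user(PDO $db, string $name): ?array
{
    // The value is bound as data and never concatenated into the SQL text.
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    $row = $stmt->fetch();
    return $row === false ? null : $row;
}

// Constructed demo on in-memory SQLite so it runs offline. For MySQL use
// e.g. 'mysql:host=localhost;dbname=myDatabase;charset=utf8mb4' with a
// dedicated low-privilege account rather than root with an empty password.
$db = db_connect('sqlite::memory:');
if ($db === null) {
    http_response_code(500);
    exit('Service temporarily unavailable.'); // generic, no internals
}
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (name) VALUES ('alice'), ('bob')");

var_dump(find_user($db, 'alice'));         // the matching row
var_dump(find_user($db, "x' OR '1'='1"));  // NULL: input is treated as a literal string
```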
