php PHP中的$stmt是什么
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/27087081/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
what is $stmt in PHP
提问by Zach Smith
What exactly is $stmt and what is it's purpose? what does it stand for..
$stmt 究竟是什么,它的目的是什么?它代表什么..
I'm following a tutorial that is using prepared statements and looked up stmt in the manual: http://php.net/manual/en/class.mysqli-stmt.php
我正在学习使用准备好的语句并在手册中查找 stmt 的教程:http: //php.net/manual/en/class.mysqli-stmt.php
and see that it is a class that "represents a prepared statement" - which i guess is a prepared sql statement that you slot a variable into. though I don't see how this id different to storing a sql statement as a string and then manipulating the string to add variables when you need?
并看到它是一个“表示准备好的语句”的类 - 我猜这是一个准备好的 sql 语句,您将变量插入其中。虽然我看不出这个 id 与将 sql 语句存储为字符串然后在需要时操作字符串以添加变量有何不同?
回答by deceze
"$stmt" obviously (I think) stands for "statement". As a variable name it's arbitrary, you can name that variable anything you want. $stmtis just rather idiomatic.
“ $stmt”显然(我认为)代表“声明”。作为变量名称,它是任意的,您可以随意命名该变量。$stmt只是相当地道。
A prepared statement as such is a database feature. The database itself takes the query in two steps: first the query structure with placeholders, second the data to fill in the placeholders. The statement objects on the PHP side represent this separation and are there to give you a handle representing the prepared statement on the SQL server side.
准备好的语句是一个数据库特性。数据库本身分两步进行查询:首先是带有占位符的查询结构,其次是填充占位符的数据。PHP 端的语句对象代表这种分离,并在那里为您提供一个句柄,代表 SQL 服务器端的准备好的语句。
The point of this separation is that there's no chance of having SQL injection problems due to incorrectly escaped arbitrary string values; it is also useful for performance if you reuse that prepared statement a number of times.
这种分离的意义在于,不会因为错误地转义任意字符串值而出现 SQL 注入问题;如果您多次重用该准备好的语句,它对性能也很有用。
回答by Tom
Working with statements is much safer than inserting variables into a plain SQL string. By using statements you prevent SQL injection. Take a look at:
使用语句比将变量插入普通 SQL 字符串安全得多。通过使用语句,您可以防止 SQL 注入。看一眼:
How does the SQL injection from the "Bobby Tables" XKCD comic work?
“Bobby Tables”XKCD 漫画中的 SQL 注入是如何工作的?
&
&
回答by Ed Heal
What exactly is $stmt and what is it's purpose?
$stmt 究竟是什么,它的目的是什么?
It is a variable and stores a value
它是一个变量并存储一个值
People do use it for statement - others are a bit more imaginative with variables name
人们确实将它用于声明 - 其他人对变量名称更具想象力
