
PDO vs. mysqli: a comparison and summary


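PHP has had three drivers for working with MySQL databases: mysql, mysqli and PDO. The mysql extension was removed as of PHP 7 and is not the focus of this article. Here we look at how mysqli and PDO differ; the comparison below walks through the differences.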

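Connecting

// PDO
$pdo = new PDO("mysql:host=localhost;dbname=database", 'username', 'password');

// mysqli, procedural
$mysqli = mysqli_connect('localhost', 'username', 'password', 'database');

// mysqli, object-oriented
$mysqli = new mysqli('localhost', 'username', 'password', 'database');

Database support
PDO supports multiple database drivers; mysqli works only with MySQL.
In code:

// List the PDO drivers available on this installation
var_dump(PDO::getAvailableDrivers());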
Parameter binding
With PDO:

$params = array(':username' => 'test', ':email' => $mail, ':last_login' => time() - 3600);

// prepare() returns a PDOStatement; execute() is called on that statement, not on $pdo
$stmt = $pdo->prepare('
    SELECT * FROM users
    WHERE username = :username
    AND email = :email
    AND last_login > :last_login');

$stmt->execute($params);

With mysqli:

$query = $mysqli->prepare('
    SELECT * FROM users
    WHERE username = ?
    AND email = ?
    AND last_login > ?');

// bind_param() binds by reference, so every argument must be a variable
$username = 'test';
$since = time() - 3600;
$query->bind_param('sss', $username, $mail, $since);
$query->execute();
Object mapping
Suppose we have a class like this:

class User {
    public $id;
    public $first_name;
    public $last_name;

    public function info()
    {
        return '#'.$this->id.': '.$this->first_name.' '.$this->last_name;
    }
}

Now compare how the two drivers map result rows onto it:

$query = "SELECT id, first_name, last_name FROM users";

// PDO
$result = $pdo->query($query);
$result->setFetchMode(PDO::FETCH_CLASS, 'User');

while ($user = $result->fetch()) {
    echo $user->info()."\n";
}

// mysqli, procedural
if ($result = mysqli_query($mysqli, $query)) {
    while ($user = mysqli_fetch_object($result, 'User')) {
        echo $user->info()."\n";
    }
}

// mysqli, object-oriented
if ($result = $mysqli->query($query)) {
    while ($user = $result->fetch_object('User')) {
        echo $user->info()."\n";
    }
}
Security
Both can prevent SQL injection.
Code:

// PDO, "manual" escaping: quote() is an instance method and adds the surrounding quotes itself
$username = $pdo->quote($_GET['username']);

$pdo->query("SELECT * FROM users WHERE username = $username");

// mysqli, "manual" escaping: the connection is the first argument, and the quotes are written by hand
$username = mysqli_real_escape_string($mysqli, $_GET['username']);

$mysqli->query("SELECT * FROM users WHERE username = '$username'");

Prepared statements

// PDO, prepared statement (execute() belongs to the statement returned by prepare())
$stmt = $pdo->prepare('SELECT * FROM users WHERE username = :username');
$stmt->execute(array(':username' => $_GET['username']));

// mysqli, prepared statements
$query = $mysqli->prepare('SELECT * FROM users WHERE username = ?');
$query->bind_param('s', $_GET['username']);
$query->execute();
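
The approaches from the security and prepared-statement sections, run side by side on a value that contains a single quote, together with the one case that binding cannot cover. This is an added example, not code from the original article; it assumes the pdo_sqlite extension so that it runs without a MySQL server, and the table, rows, input and the function names findConcat, findQuoted, findBound and listUsers are constructed for illustration.

```php
<?php
// Added example (assumes pdo_sqlite); table, rows and input are constructed.
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)');
$insert = $pdo->prepare('INSERT INTO users (username, email) VALUES (?, ?)');
foreach ([["O'Brien", 'ob@example.test'], ['alice', 'alice@example.test']] as $row) {
    $insert->execute($row);
}

// 1. Raw concatenation: a quote in the value changes the SQL text itself.
function findConcat(PDO $pdo, string $name): string {
    try {
        $rows = $pdo->query("SELECT id FROM users WHERE username = '$name'")->fetchAll();
        return count($rows) . ' row(s)';
    } catch (PDOException $e) {
        return 'statement broken by input';
    }
}

// 2. Manual escaping: quote() escapes the value and adds the surrounding quotes.
function findQuoted(PDO $pdo, string $name): string {
    $sql = 'SELECT id FROM users WHERE username = ' . $pdo->quote($name);
    return count($pdo->query($sql)->fetchAll()) . ' row(s)';
}

// 3. Prepared statement: the value is bound and never becomes SQL text.
function findBound(PDO $pdo, string $name): string {
    $stmt = $pdo->prepare('SELECT id FROM users WHERE username = :username');
    $stmt->execute([':username' => $name]);
    return count($stmt->fetchAll()) . ' row(s)';
}

// Placeholders carry values only; an identifier such as an ORDER BY column
// cannot be bound, so it is chosen from a fixed allowlist instead.
function listUsers(PDO $pdo, string $sort): array {
    $allowed = ['id' => 'id', 'name' => 'username', 'email' => 'email'];
    $column  = $allowed[$sort] ?? 'id';   // unknown keys fall back to id
    $rows    = $pdo->query("SELECT username FROM users ORDER BY $column")->fetchAll();
    return array_column($rows, 'username');
}

$input = "O'Brien";   // constructed input containing a single quote
foreach (['findConcat', 'findQuoted', 'findBound'] as $fn) {
    echo str_pad($fn, 12), $fn($pdo, $input), "\n";
}
echo 'sorted by name: ', implode(', ', listUsers($pdo, 'name')), "\n";
echo 'unknown sort key: ', implode(', ', listUsers($pdo, 'no_such_column')), "\n";
```

Against MySQL, set the connection character set in the PDO DSN (charset=utf8mb4) or with $mysqli->set_charset(), because quote() and mysqli_real_escape_string() escape according to the connection's character set.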

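Summary
PDO's strengths are obvious: it supports multiple databases, and parameter binding is one of its distinguishing features, so it is well worth knowing how to use PDO.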
