我正在慢慢地将有 MSQLI 的网站页面转换为 PDO。但是我有登录脚本的这一部分,我不确定它是否可以在 PDO 中完成,如果不能,是否有人对如何使其安全有任何建议。它与下面的代码部分有关,它是一个与 $pass_fail 变量相关的多查询,然后是一个我可能可以解决的单个选择查询 $pass_fail_query 变量。但它是我在使用 PDO 时遇到的多查询,我该如何执行它?$pass_fail = " DELETE FROM `login_fail` WHERE `last_fail_login` < DATE_SUB(NOW(), INTERVAL 5 MINUTE);";$pass_fail .= " INSERT INTO login_fail ( user_id, email, last_fail_login, fail_login_ip ) VALUES ( '$user_id', '$email', '$last_login_date', '$ip' );";$pass_fail .= " UPDATE members SET `last_fail_login` = '$last_login', `fail_login_ip`= '$ip' WHERE email = '$email'";$pass_fail_query = " SELECT * FROM `login_fail` WHERE `email` = '$email' AND `last_fail_login` > date_sub(now(), interval 5 minute)";
1 回答
慕森卡
TA贡献1806条经验 获得超8个赞
只需将它们创建为单独的查询。
$pass_fail_delete = $pdo->prepare("
DELETE FROM `login_fail`
WHERE
`last_fail_login` < DATE_SUB(NOW(), INTERVAL 5 MINUTE);
");
$pass_fail_insert = $pdo->prepare("
INSERT INTO login_fail (
user_id,
email,
last_fail_login,
fail_login_ip
) VALUES (
:user_id,
:email,
:last_login_date,
:ip
);
");
$pass_fail_update = $pdo->prepare("
UPDATE members SET
`last_fail_login` = :last_login,
`fail_login_ip`= :ip
WHERE
email = :email
");
$pass_fail_query = $pdo->prepare("
SELECT
*
FROM `login_fail`
WHERE
`email` = :email
AND `last_fail_login` > date_sub(now(), interval 5 minute)
");
然后,而不是使用mysqli_multi_query()执行$pass_fail在一个调用,执行3个查询:
$pass_fail_delete->execute();
$pass_fail_insert->execute([':user_id' => $user_id, ':email' => $email, ':last_login_date' => $last_login_date, ':ip' => $ip]);
$pass_fail_update->execute([':last_login' => $last_login, ':ip' => $ip, ':email' => $email]);
$pass_fail_query->execute([':email' => $email]);
- 1 回答
- 0 关注
- 129 浏览
添加回答
举报
0/150
提交
取消