MYSQLI 到 PDO 指导 [重复]

Question

我正在慢慢地将有 MSQLI 的网站页面转换为 PDO。但是我有一个登录脚本的这一部分，我不确定它是否可以在 PDO 中完成，如果它不能，任何人都对如何使其安全有任何建议。 它与下面的代码部分有关，它是一个与 $pass_fail 变量相关的多查询，然后是一个我可能可以解决的单个选择查询 $pass_fail_query 变量。但它是我在使用 PDO 时遇到的多重查询，我该如何执行它？

$pass_fail = "
  DELETE FROM `login_fail`
  WHERE
    `last_fail_login` < DATE_SUB(NOW(), INTERVAL 5 MINUTE);
";

$pass_fail .= "
  INSERT INTO login_fail (
    user_id,
    email,
    last_fail_login,
    fail_login_ip
  ) VALUES (
    '$user_id',
    '$email',
    '$last_login_date',
    '$ip'
  );
";

$pass_fail .= "
  UPDATE members SET
    `last_fail_login` = '$last_login',
    `fail_login_ip`= '$ip'
  WHERE
    email = '$email'
";

$pass_fail_query = "
  SELECT
    *
  FROM `login_fail`
  WHERE
    `email` = '$email'
    AND `last_fail_login` > date_sub(now(), interval 5 minute)
";

Answer 1

只需将它们创建为单独的查询。

$pass_fail_delete = $pdo->prepare("
  DELETE FROM `login_fail`
  WHERE
    `last_fail_login` < DATE_SUB(NOW(), INTERVAL 5 MINUTE);
");
$pass_fail_insert = $pdo->prepare("
  INSERT INTO login_fail (
    user_id,
    email,
    last_fail_login,
    fail_login_ip
  ) VALUES (
    :user_id,
    :email,
    :last_login_date,
    :ip
  );
");
$pass_fail_update = $pdo->prepare("
  UPDATE members SET
    `last_fail_login` = :last_login,
    `fail_login_ip`= :ip
  WHERE
    email = :email
");
$pass_fail_query = $pdo->prepare("
  SELECT
    *
  FROM `login_fail`
  WHERE
    `email` = :email
    AND `last_fail_login` > date_sub(now(), interval 5 minute)
");

然后不是使用mysqli_multi_query()在一次调用中执行$pass_fail，而是执行3个查询：

$pass_fail_delete->execute();
$pass_fail_insert->execute([':user_id' => $user_id, ':email' => $email, ':last_login_date' => $last_login_date, ':ip' => $ip]);
$pass_fail_update->execute([':last_login' => $last_login, ':ip' => $ip, ':email' => $email]);
$pass_fail_query->execute([':email' => $email]);