mysql预编译处理（mysqli、PDO）

<?php

$mysqli = new mysqli("localhost","root","root","dbname");
$mysqli->query("set names utf8");
$sql = 'insert into user(id,name,age,email) values (?,?,?,?)';
$mysqli_stmt = $mysqli->prepare($sql);

$id = 2;
$name = 'kung';
$age = 28;
$email = 'ohdas@163.com';

$mysqli_stmt->bind_param('isis',$id,$name,$age,$email);

$res = $mysqli_stmt->execute();

if(!$res){
echo 'error'.$mysqli_stmt->error;
exit;
}else{
echo 'ok';
}

$id = 3;
$name = 'xiaoyu';
$age = 28;
$email = 'kung-yu@163.com';

$mysqli_stmt->bind_param('isis',$id,$name,$age,$email);
$res = $mysqli_stmt->execute();

if(!$res){
echo 'error'.mysqli_stmt->error;
exit;
}else{
echo 'ok';
}
?>

<?php
$dns = 'mysql:dbname=dbname;host=127.0.0.1';
$user = 'root';
$password = 'root';
try{
$pdo = new PDO($dns,$user,$password);
} catch(PDOException $e){
echo $e->getMessage();
}
$pdo->query("set names utf8");

$sql = 'inser into user values(:id,:name,:age,:email)';
$pdo_stmt = $pdo->prepare($sql);

$id = 2;
$name = 'kung';
$age = 27;
$email = 'ohdas@163.com';

$pdo_stmt->bindParam(':id',$id);
$pdo_stmt->bindParam(':name',$name);
$pdo_stmt->bindParam(':age',$age);
$pdo_stmt->bindParam(':email',$email);
$pdo_stmt->execute();
?>

<?php
$mysqli = new mysqli("localhost","root","root","dbname");
$mysqli->query("set names utf8");
$sql = " select id,name from user where id > ?";
$mysqli_stmt = $mysqli->prepare($sql);

$id = 1;
$mysqli_stmt->bind_param('i',$id);
$mysqli_stmt->bind_result($id,$name);
$mysqli_stmt->execute();

while($mysqli_stmt->fetch()){
echo $id.'--'.$name;
}

$mysqli_stmt->close();
$mysqli->close();
?>