Yes, you can run SQL queries using PHP, and the process involves choosing a database extension, connecting to the database, executing queries safely, and closing connections when done. To do this, first choose between MySQLi or PDO, with PDO being more flexible due to supporting multiple databases. Next, establish a connection using either PDO or MySQLi with proper credentials. Then, execute queries using prepared statements to prevent SQL injection—use $pdo->prepare() and ->execute() with PDO, or prepare() and bind_param() with MySQLi. Finally, close the connection by setting the PDO object to null or calling ->close() in MySQLi, ensuring secure and efficient database handling throughout the process.

Sure, you can definitely run SQL queries using PHP — it’s one of the most common ways to interact with a database in web development. The key is to connect properly and handle queries safely.

Choose the Right Extension

PHP has a few ways to talk to databases, but MySQLi and PDO (PHP Data Objects) are the two main options for working with MySQL databases.

• MySQLi is simpler and works well if you’re only using MySQL.
• PDO supports multiple databases (like PostgreSQL, SQLite, etc.), which makes it more flexible.

If you're not sure which to pick, go with PDO unless you have a specific reason to use MySQLi.

Connect to the Database

Before running any query, you need a connection. Here’s how you do it with both extensions:

With PDO:

$host = '127.0.0.1';
$db   = 'test_db';
$user = 'root';
$pass = '';
$charset = 'utf8mb4';

$dsn = "mysql:host=$host;dbname=$db;charset=$charset";
try {
    $pdo = new PDO($dsn, $user, $pass);
} catch (\PDOException $e) {
    throw new \PDOException($e->getMessage(), (int)$e->getCode());
}

With MySQLi (procedural style):

$conn = mysqli_connect('localhost', 'root', '', 'test_db');
if (!$conn) {
    die("Connection failed: " . mysqli_connect_error());
}

Make sure your credentials match what’s set up in your database server.

Run Queries Safely

Now that you're connected, you can execute SQL queries. But be careful — always guard against SQL injection attacks by using prepared statements.

Using PDO with prepared statements:

$stmt = $pdo->prepare('SELECT * FROM users WHERE id = ?');
$stmt->execute([$_GET['id']]);
$user = $stmt->fetch();

Using MySQLi with prepared statements:

$stmt = $mysqli->prepare("INSERT INTO users (name, email) VALUES (?, ?)");
$stmt->bind_param("ss", $name, $email);
$stmt->execute();
$stmt->close();

A few tips:

• Never directly insert user input into a query string.
• Always check if the query succeeded or failed.
• Use LIMIT when fetching large datasets to avoid performance issues.

Close Connections When Done

You don’t have to manually close connections in PHP because they’ll be closed automatically at the end of the script. But if you're done early, closing them helps keep things clean.

With PDO, just set the connection to null:

$pdo = null;

With MySQLi:

$mysqli->close();

That’s basically it. It's not complicated once you get the hang of it, but there are a few easy-to-miss steps like sanitizing inputs and error handling that can save you from headaches later.

The above is the detailed content of How do I execute SQL queries using PHP?. For more information, please follow other related articles on the PHP Chinese website!