Zen Cart database operation examples

<?php
//Zen Cart Database Abstraction Layer
//Basic Example
//A sample database inquiry to retrieve the model number of a specified product number would occur like this:

$theProductId = 25;
global $db;
$sql = "select products_model from " . TABLE_PRODUCTS . " where products_id = :productID:";
$sql = $db->bindVars($sql, ':productID:', $theProductId, 'integer');
$result = $db->Execute($sql);

if ($result->RecordCount() > 0) {
  echo 'Model number = ' . $result->fields['products_model'];
} else {
  echo 'Sorry, no record found for product number ' . $theProductId;
}



//Understanding the basic example
global $db;
//This makes the $db object (which is used to communicate with the database) available for use in the scope of your code.

$sql = "select products_model from " . TABLE_PRODUCTS . " where products_id = :productID:";

/*This specifies the SQL query which you intend to run. You can determine specific fields and tables by referencing the schema documentation or looking at the raw database structure directly.
The TABLE_PRODUCTS constant is used in order to support table-prefixes, since the constant will automatically contain the prefix, according to the logic in the /includes/filenames.php script and the DB_PREFIX value in your /includes/configure.php file.
Note that :productID: is a placeholder which is handled by the next line:*/

$sql = $db->bindVars($sql, ':productID:', $theProductId, 'integer');

//This takes the contents of the $sql variable from the previous line (the query to be run) and replaces all occurrences of ':productID:' with the value of $theProductId, AFTER first ensuring that $theProductId is an 'integer' value. (This is for security reasons, so that nobody can perform an SQL injection attack against your script.) Additional bindVars datatypes besides 'integer' are listed below.

$result = $db->Execute($sql);

//This runs the actual query, whose results are stored in the database object named $result.

if ($result->RecordCount() > 0) {
  echo 'Model number = ' . $result->fields['products_model'];
} else {
  echo 'Sorry, no record found for product number ' . $theProductId;
}

//This checks whether more than 0 records were returned from the query. If so, the model number is echoed to the screen. If not, a message to that effect is displayed.






//Example of looping through multiple records
//A simple example to list all the currencies in your database, along with the currently-configured exchange rates:

global $db;
$sql = "select title, code, value, last_updated from " . TABLE_CURRENCIES;
$result = $db->Execute($sql);

if ($result->RecordCount() > 0) {
  while (!$result->EOF) {
    echo '<p>Currency name: ' . $result->fields['title'];
    echo ', code: ' . $result->fields['code'];
    echo ', Exchange Rate: ' . $result->fields['value'];
    echo '</p>';
    $result->MoveNext();
  }
} else {
  echo '<p>Sorry, no currencies found.</p>';
}



//Understanding the loop example

global $db;
//See description in previous example.

$sql = "select title, code, value, last_updated from " . TABLE_CURRENCIES;

//SQL query to be run. See explanation in previous example.
//NOTE: There is no use of bindVars() here, because there is no parameter supplied as selection criteria for the query.

$result = $db->Execute($sql);

//Execute query - same as previous example.

if ($result->RecordCount() > 0) {

//Check to see if we have any results.
  while (!$result->EOF) {
  //This starts a loop through the results returned from the database.
    echo '<p>Currency name: ' . $result->fields['title'];
    echo ', code: ' . $result->fields['code'];
    echo ', Exchange Rate: ' . $result->fields['value'];
    echo '</p>';
//This simply echoes the retrieved data to the screen. Note the reference to the individual fields via $result->fields['field-name'].
    $result->MoveNext();
  }
//MoveNext() tells it to jump to the next record in the set of results, and go back through the output again ... repeatedly until the "while" condition meets EOF (end of file, aka end of returned results).
} else {
  echo '<p>Sorry, no currencies found.</p>';
}
//If the IF statement above (for RecordCount) failed ... meaning we have 0 records returned ... then we display a message to that effect.






//Finding out what record number was inserted
//When you run a query with an INSERT statement in it, you can find out the record number assigned to the new row you added by referencing $db->Insert_ID(), like this:

global $db;
$sql = "insert into " . TABLE_SOMETHING . " (fieldname1, fieldname2) values (:value1:, :value2:)";
$sql = $db->bindVars($sql, ':value1:', $valueOne, 'integer');
$sql = $db->bindVars($sql, ':value2:', $valueTwo, 'string');
$result = $db->Execute($sql);
$newRecordId = $db->Insert_ID();
echo 'The new record added was number: ' . $newRecordId;






//BindVars Datatypes
//Available datatypes for use in bindVars() parameters include the following. In practice, the first 4 are used the most:
/***************************************************************************
integer - ensures that the supplied data is an integer
string - ensures that the supplied data is a string, and escapes any quotes, and adds quotes around it
noquotestring - ensures that the supplied data is a string, and escapes any quotes in it, but doesn't add quotes around it
float - ensures that the supplied data is numeric, including ensuring that a blank string is converted to a 0
currency - similar to 'string'
date - similar to 'string'
enum - similar to mysql enum type: forces data to be within available list of choices
regexp - checks that the supplied parameter is formatted as a regular expression
***************************************************************************/

//Escaping Content
/***************************************************************************
Many people are tempted to directly use "mysql_escape_string()" function calls, or merely use "addslashes()". But the BEST way to do it is with BindVars as described above.

However, if you have a strong objection to using the safeties and protections that BindVars offers, and you know why you're not using it, then you could use $db->prepare_input($value).

For optimal future-proofing of your code, ALWAYS USE ZEN CART FUNCTIONS FOR ACCESSING THE DATABASE, and don't make direct calls to mysql_xxxxx() or mysqli_xxxxx() functions.
***************************************************************************/
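
The following is an added example, not part of the original post or of Zen Cart's own code. It combines the 'string' and 'integer' bindings with the result loop described above for a lookup driven by request data. It assumes it runs inside a Zen Cart page load, where $db and TABLE_PRODUCTS are already defined; the function name and the request parameters `model` and `min_id` are hypothetical.

```php
<?php
// Added example; assumes it runs inside a Zen Cart page load, where $db and
// TABLE_PRODUCTS are already defined. $_GET['model'] and $_GET['min_id'] are
// hypothetical request parameters chosen for this illustration.

/**
 * Return [products_id => products_model] for products whose model matches
 * $model exactly and whose id is at least $minId.
 */
function example_find_products_by_model($model, $minId)
{
    global $db;

    // Unsafe form, shown only for contrast: request data concatenated into the
    // SQL text lets the caller change the structure of the query.
    // $sql = "select ... where products_model = '" . $model . "'";

    $sql = "select products_id, products_model from " . TABLE_PRODUCTS . "
            where products_model = :model: and products_id >= :minId:";
    // 'string' escapes the value and adds the surrounding quotes itself, so the
    // placeholder is NOT wrapped in quotes in the SQL text above.
    $sql = $db->bindVars($sql, ':model:', $model, 'string');
    // 'integer' ensures the value placed into the query is an integer.
    $sql = $db->bindVars($sql, ':minId:', $minId, 'integer');

    $result = $db->Execute($sql);
    $found = array();
    while (!$result->EOF) {
        $found[(int)$result->fields['products_id']] = $result->fields['products_model'];
        $result->MoveNext();
    }
    return $found;
}

$model = isset($_GET['model']) ? (string)$_GET['model'] : '';
$minId = isset($_GET['min_id']) ? $_GET['min_id'] : 0;

foreach (example_find_products_by_model($model, $minId) as $id => $modelNumber) {
    // Binding protects the query only; values echoed into HTML still need
    // output encoding of their own.
    echo '<p>#' . $id . ': ' . htmlspecialchars($modelNumber, ENT_QUOTES, 'UTF-8') . '</p>';
}
```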

