abstract:prepare($sql); //参数绑定 $name='东方不败'; $email='dong@qq.com'; $passsword=sha1('123456'); $creatTime=time(); $stmt->bindParam(':name',$name,PDO::PARAM_STR,20); $stmt->bindParam(':email',$email,PDO::PARAM_STR,100); $stmt->bindParam(':password',$passsword,PDO::PARAM_STR); $stmt->bindParam(':creat_time',$creatTime,PDO::PARAM_INT); //执行添加 if($stmt->execute()){ //rowCount()返回受影响的记录条数 echo ($stmt->rowCount()>0) ? '成功添加了'.$stmt->rowCount().'条记录':'没有记录被添加'; }else{ exit(print_r($stmt->errorInfo(),true)); }
Correcting teacher:西门大官人Correction time:2019-03-03 11:38:47
Teacher's summary:pdo对数据库的操作,bind充当着非常重要的安全作用,通过绑定参数,pdo可以避免常见的sql注入攻击
