This article presents an example of parameterized MySQL queries in PHP, for readers who need a reference.
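Here is an example of parameterized MySQL queries in PHP.

Code:

```php
<?php
// Example 1: values are escaped and then formatted into the SQL string.
// Uses the legacy mysql_* extension, which was removed in PHP 7.0.
$query = sprintf(
    "SELECT * FROM Users where UserName='%s' and Password='%s'",
    mysql_real_escape_string($Username),
    mysql_real_escape_string($Password)
);
mysql_query($query);

// Example 2: a mysqli prepared statement; the values are bound to the ? markers.
$db = new mysqli("localhost", "user", "pass", "database");
$stmt = $db->prepare("SELECT priv FROM testUsers WHERE username=? AND password=?");
$stmt->bind_param("ss", $user, $pass); // "ss" = two string parameters
$stmt->execute();
?>
```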
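The following is an added example, not code from the original page. It carries Example 2 through to reading the result, and shows that a value containing quote characters is compared as plain data. The `lookupPriv` helper and the sample inputs are hypothetical, and it assumes a MySQL server reachable with the page's placeholder credentials and a `testUsers` table with `username`, `password` and `priv` columns.

```php
<?php
// Added example, not from the original page. Assumes a MySQL server reachable
// with the page's placeholder credentials and a testUsers table that has
// username, password and priv columns.

// Make mysqli throw exceptions instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Hypothetical helper: returns the priv value of the matching row, or null.
 */
function lookupPriv(mysqli $db, string $user, string $pass): ?string
{
    // The SQL text is fixed. The two ? markers are filled from bound values,
    // so user input never becomes part of the statement itself.
    $stmt = $db->prepare(
        "SELECT priv FROM testUsers WHERE username=? AND password=?"
    );
    $stmt->bind_param("ss", $user, $pass);   // "ss" = two string parameters
    $stmt->execute();

    // bind_result()/fetch() also work without the mysqlnd driver.
    $stmt->bind_result($priv);
    $found = $stmt->fetch();                 // true for a row, null for none
    $stmt->close();

    return $found ? (string) $priv : null;
}

$db = new mysqli("localhost", "user", "pass", "database");
$db->set_charset("utf8mb4");

// Constructed inputs: an ordinary name, a legitimate name with a quote, and
// a value made only of SQL-looking text. All are matched literally.
$inputs = [
    ["alice", "correct-password"],
    ["O'Brien", "another-password"],
    ["alice' OR '1'='1", "anything"],
];
foreach ($inputs as [$user, $pass]) {
    $priv = lookupPriv($db, $user, $pass);
    printf("%-20s => %s\n", $user, $priv ?? "(no match)");
}
$db->close();
```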