PHP 八

2019-09-06 09:56:48 作者：互联网

预处理 (参数绑定) OOP

i - 整数 / d - 双精度浮点数 / s - 字符串 / b - 布尔值 (作用指定数据类型,保证数据安全,防止SQL注入)
设置SQL语句模板
生成预处理语句对象 $mysqli->prepare
绑定参数 $stmt->bind_param
执行预处理语句 $stmt->execute();

$stmt = $mysqli->prepare("INSERT INTO CountryLanguage VALUES (?,?,?,?)");
$stmt->bind_param('sssd',$code,$language,$official,$percent);


$code = 'DEU';
$language = 'Bavarian';
$official = "F";
$percent = 11.2;


$stmt->execute();

$stmt = mysqli_prepare($link,"INSERT INTO CountryLanguage VALUES(?,?,?,?)");
mysqli_stmt_bind_param($stmt,'sssd',$code,$language,$official,$percent);


$code = 'DEU';
$language = 'Bavarian';
$official = "F";
$percent = 11.2;


mysqli_stmt_execute($stmt);

Example 执行一条使用命名占位符的预处理语句

<?php

$calories = 150;
$colour = 'red';
$sth = $dbh->prepare('SELECT name,colour,calories 
              FROM fruit
              WHERE calories < :calories AND colour = : colour');

$sth->bindParam(':calories',$calories,PDO::PARAM_INT);
$sth->bindParam(':colour',$colour,PDO::PARAM_STR,12);
$sth->execute();
?>

标签：code,prepare,colour,calories,stmt,mysqli,PHP
来源： https://www.cnblogs.com/zhangzongke/p/11471130.html