PHP 八
作者:互联网
预处理 (参数绑定) OOP
i - 整数 / d - 双精度浮点数 / s - 字符串 / b - 布尔值 (作用指定数据类型,保证数据安全,防止SQL注入)
设置SQL语句模板
生成预处理语句对象 $mysqli->prepare
绑定参数 $stmt->bind_param
执行预处理语句 $stmt->execute();
$stmt = $mysqli->prepare("INSERT INTO CountryLanguage VALUES (?,?,?,?)"); $stmt->bind_param('sssd',$code,$language,$official,$percent); $code = 'DEU'; $language = 'Bavarian'; $official = "F"; $percent = 11.2; $stmt->execute();
$stmt = mysqli_prepare($link,"INSERT INTO CountryLanguage VALUES(?,?,?,?)"); mysqli_stmt_bind_param($stmt,'sssd',$code,$language,$official,$percent); $code = 'DEU'; $language = 'Bavarian'; $official = "F"; $percent = 11.2; mysqli_stmt_execute($stmt);
Example 执行一条使用命名占位符的预处理语句
<?php $calories = 150; $colour = 'red'; $sth = $dbh->prepare('SELECT name,colour,calories FROM fruit WHERE calories < :calories AND colour = : colour'); $sth->bindParam(':calories',$calories,PDO::PARAM_INT); $sth->bindParam(':colour',$colour,PDO::PARAM_STR,12); $sth->execute(); ?>
标签:code,prepare,colour,calories,stmt,mysqli,PHP 来源: https://www.cnblogs.com/zhangzongke/p/11471130.html