发表新帖
发表新帖

mysql query result in php variable

前端 未结
关注
5 1086
误落风尘
误落风尘 2020-11-30 07:56

Is there any way to store mysql result in php variable? thanks

$query = \"SELECT username,userid FROM user WHERE username = \'admin\' \";
$result=$conn->q
5条回答
  • 情书的邮戳
    情书的邮戳 (楼主)
    2020-11-30 08:52

    I personally use prepared statements.

    Why is it important?

    Well it's important because of security. It's very easy to do an SQL injection on someone who use variables in the query.

    Instead of using this code:

    $query = "SELECT username,userid FROM user WHERE username = 'admin' ";
$result=$conn->query($query);

    You should use this

    $stmt = $this->db->query("SELECT * FROM users WHERE username = ? AND password = ?");
$stmt->bind_param("ss", $username, $password); //You need the variables to do something as well.
$stmt->execute();

    Learn more about prepared statements on:

    http://php.net/manual/en/mysqli.quickstart.prepared-statements.php MySQLI

    http://php.net/manual/en/pdo.prepared-statements.php PDO

    0 讨论(0)
 看不清?
提交回复
热议问题