发表新帖
发表新帖

Do I have to use mysql_real_escape_string if I bind parameters?

前端 未结
关注
3 1835
不思量自难忘°
不思量自难忘° 2020-12-03 17:36

I have the following code:

function dbPublish($status)
{
 global $dbcon, $dbtable;

 if(isset($_GET[\'itemId\']))
 {
  $sqlQuery = \'UPDATE \' . $dbtable . \
3条回答
  • 离开以前
    离开以前 (楼主)
    2020-12-03 17:54 

    function dbPublish($status)    
{    
 global $dbcon, $dbtable;    

 if(isset($_GET['itemId']))    
 {    
  $sqlQuery = 'UPDATE ' . $dbtable . ' SET active = ? WHERE id = ?';    
  $stmt = $dbcon->prepare($sqlQuery);    
  $stmt->bind_param('ii', $status, $_GET['itemId']);    
  $stmt->execute();    
  $stmt->close();    
 }    
}

    0 讨论(0)
 看不清?
提交回复
热议问题