发表新帖
发表新帖

Learning SELECT FROM WHERE prepared statements

后端 未结
关注
4 1923
清歌不尽
清歌不尽 2020-12-04 04:07

Can someone re-write the below code as a prepared statement?

result = mysqli_query($con,\"SELECT * FROM note_system WHERE note = \'$cnote\'\") 
or die(\"Erro
4条回答
  • 醉话见心
    醉话见心 (楼主)
    2020-12-04 04:41

    Use pdo:

    http://php.net/manual/en/book.pdo.php

    from various docs:

    /* Connect to an ODBC database using driver invocation */
$dsn = 'mysql:dbname=testdb;host=127.0.0.1';
$user = 'dbuser';
$password = 'dbpass';

try {
    $dbh = new PDO($dsn, $user, $password);
} catch (PDOException $e) {
    echo 'Connection failed: ' . $e->getMessage();
}

$sql = 'SELECT name, colour, calories
FROM fruit
WHERE calories < :calories AND colour = :colour';
$sth = $dbh->prepare($sql, array(PDO::ATTR_CURSOR => PDO::CURSOR_FWDONLY));
$sth->execute(array(':calories' => 150, ':colour' => 'red'));
$red = $sth->fetchAll();

    0 讨论(0)
 看不清?
提交回复
热议问题