Parameterized queries in PHP with MySQL connection

一向 2020-12-07 02:10

I've read about SQL injection so I tried it with my site and of course it worked. I know that the solution is parameterized queries and I also know that there are a lot of

2 answers
  •  感情败类
    2020-12-07 02:45

    Here you go

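    // Prepare the statement with one placeholder per user-supplied value
    $stmt = mysqli_prepare($dbc, "SELECT * FROM users WHERE username = ? AND password = ?");
    // Bind both string parameters in a single call ("ss" = two strings)
    mysqli_stmt_bind_param($stmt, "ss", $userName, $userPass);
    mysqli_stmt_execute($stmt);
    // Fetch the matching row (mysqli_stmt_get_result requires mysqlnd)
    $result = mysqli_stmt_get_result($stmt);
    $row = mysqli_fetch_assoc($result);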
    

    Documentation

    As a side note, I would recommend encrypting your password or, better, using a hash for security; it's not good to store passwords as plain text.
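
An added example (not part of the original answer) that combines the prepared statement with the hashing advice: once passwords are stored with `password_hash()`, the query selects by username only and the comparison happens in PHP. Assumptions: the `users` table has a unique `username` and a `VARCHAR(255)` `password` column holding the hash; the `DB_*` environment variables and the function names are hypothetical.

```php
<?php
// Added example, not code from the original answer.
// Assumptions: `users`.`password` stores password_hash() output;
// DB_* environment variables and function names are hypothetical.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

function create_user(mysqli $dbc, string $userName, string $userPass): void
{
    $hash = password_hash($userPass, PASSWORD_DEFAULT); // salted, slow hash
    $stmt = mysqli_prepare($dbc, "INSERT INTO users (username, password) VALUES (?, ?)");
    mysqli_stmt_bind_param($stmt, "ss", $userName, $hash);
    mysqli_stmt_execute($stmt);
}

function check_login(mysqli $dbc, string $userName, string $userPass): bool
{
    // Only the username goes into the query: a salted hash cannot be matched
    // with "password = ?", so the comparison is done in PHP.
    $stmt = mysqli_prepare($dbc, "SELECT password FROM users WHERE username = ?");
    mysqli_stmt_bind_param($stmt, "s", $userName);
    mysqli_stmt_execute($stmt);
    $row = mysqli_fetch_assoc(mysqli_stmt_get_result($stmt)); // needs mysqlnd

    // Verify against a throwaway hash when the user is unknown, so both
    // paths do comparable work.
    static $dummy = null;
    $dummy ??= password_hash("placeholder", PASSWORD_DEFAULT);
    $ok = password_verify($userPass, $row["password"] ?? $dummy);
    return is_array($row) && $ok;
}

$dbc = mysqli_connect(getenv("DB_HOST") ?: "127.0.0.1", getenv("DB_USER") ?: "",
                      getenv("DB_PASS") ?: "", getenv("DB_NAME") ?: "");
mysqli_query($dbc, "CREATE TABLE IF NOT EXISTS users (
    username VARCHAR(64) PRIMARY KEY,
    password VARCHAR(255) NOT NULL)");
// Constructed sample user; the quote in the name is bound as data, not parsed as SQL.
mysqli_query($dbc, "DELETE FROM users WHERE username = 'o''brien'");
create_user($dbc, "o'brien", "correct horse battery staple");

var_dump(check_login($dbc, "o'brien", "correct horse battery staple"));
var_dump(check_login($dbc, "o'brien", "wrong password"));
var_dump(check_login($dbc, "nobody", "correct horse battery staple"));
```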
