Question
Example mysql_query:
$query=mysql_query("SELECT `col1`, `col2` FROM `table` WHERE `col1`='$escapedvariable' ");
I know the above is not good in practice.
Better query using prepare and execute
$pSt = $dbh->prepare('SELECT col1, col2 FROM table WHERE col1=:col1');
$pSt->execute(array(':col1'=>$escapedvariable));
$status=$pSt->errorCode();
Question: Can I use mysql_query with bound variables for added security?
Answer 1:
No, you have to use mysqli-functions or PDO.
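The difference between splicing a value into the SQL text and binding it through PDO, as an added example that is not part of the original post. The table `t`, its rows, the sample input and the function names are constructed for illustration, and an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
// Added example: constructed schema and data. SQLite in-memory is an
// assumption made so this runs without a MySQL server; with MySQL only
// the DSN passed to the PDO constructor changes.
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With the MySQL driver, also turn off emulation so the server does the binding:
// $dbh->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

$dbh->exec('CREATE TABLE t (col1 TEXT, col2 TEXT)');
$dbh->exec("INSERT INTO t VALUES ('alice', 'a-data'), ('bob', 'b-data')");

// Constructed input containing SQL metacharacters.
$input = "alice' OR '1'='1";

// Unsafe pattern (what a mysql_query-style string build does): the value
// becomes part of the SQL text, so its quote characters change the WHERE clause.
function lookupConcatenated(PDO $dbh, string $value): array
{
    $sql = "SELECT col1, col2 FROM t WHERE col1 = '$value'";
    return $dbh->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Bound variable: the SQL text is fixed at prepare time and the value is
// sent separately, so it is only ever compared as data.
function lookupBound(PDO $dbh, string $value): array
{
    $pSt = $dbh->prepare('SELECT col1, col2 FROM t WHERE col1 = :col1');
    $pSt->execute([':col1' => $value]);
    return $pSt->fetchAll(PDO::FETCH_ASSOC);
}

// Compare how many rows each approach returns for the same input.
printf("concatenated: %d row(s)\n", count(lookupConcatenated($dbh, $input)));
printf("bound:        %d row(s)\n", count(lookupBound($dbh, $input)));
printf("bound, exact: %d row(s)\n", count(lookupBound($dbh, 'alice')));
```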
Source: https://stackoverflow.com/questions/4836821/bind-variables-in-a-mysql-query-statement