Escaping arguments for PDO statements?

2021-12-26 00:00:00 php pdo

New to PDO - do I need to escape arguments I'm passing into a PDO prepared statement (such as the following):

<?php
// Simulated request input containing an apostrophe (set here so the snippet runs on its own).
$_GET['name'] = "O'Brady";

$sth = $dbh->prepare("INSERT INTO users SET name = :name");
$sth->bindParam(':name', $_GET['name']);
$sth->execute();

Recommended answer

No. Neither do you need any quotation marks around text strings. Just pass in the variables as they are and the MySQL driver will take care of the rest.
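The point of the answer, as an added example that is not part of the original question or answer: values bound to a prepared statement are sent as data, never spliced into the SQL text, so an apostrophe or SQL-looking input is stored verbatim and cannot change the statement. It uses an in-memory SQLite database (assumed here so the script runs offline) instead of the MySQL connection the question implies; the table name and sample inputs are constructed for the demo.

```php
<?php
// Added example, not from the original post. In-memory SQLite is assumed so this
// runs without a server; for MySQL the DSN would look like "mysql:host=...;dbname=...".
$dbh = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, // surface SQL errors as exceptions
]);
$dbh->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');

// Constructed inputs: one with an apostrophe, one that merely looks like SQL.
// Neither is escaped or quoted by hand; both are bound as plain values.
$inputs = ["O'Brady", "x'); DROP TABLE users; --"];

$sth = $dbh->prepare('INSERT INTO users (name) VALUES (:name)');
foreach ($inputs as $name) {
    // bindValue binds the current value; bindParam (as in the question) binds by
    // reference and reads the variable at execute() time. Both need no escaping.
    $sth->bindValue(':name', $name, PDO::PARAM_STR);
    $sth->execute();
}

// Read back: each string is stored exactly as given, quotes and all, and the table
// still exists because the second input was treated as data, not as SQL.
$rows = $dbh->query('SELECT name FROM users ORDER BY id')->fetchAll(PDO::FETCH_COLUMN);
var_dump($rows === $inputs); // bool(true)
```

When using the MySQL driver, practitioners commonly also set `PDO::ATTR_EMULATE_PREPARES` to `false` so that the statement and its parameters are sent to the server separately rather than being interpolated client-side by the driver; the binding API in the script is the same either way.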
