bind_param() 有什么作用?
$resultSpendStmt = $connection->prepare(...);
$array->bind_param("sdidi", $A, $B, $C, $D, $E);
$array->execute();
$array->store_result();
$array->bind_result($F, $G, $H, $I, $J, $K);
我仍然有点不确定 bind_param 的作用.有人可以举个例子来说明什么是意思吗?
I am still a little unsure what bind_param does. Can someone give me an example as to what is means?
推荐答案
在准备 SQL 语句时,可以在列值所在的位置插入占位符 (?),然后使用 bind_param() 以安全地将该占位符替换为实际列的值.这可以防止 SQL 注入的任何可能性.
When you prepare an SQL statement, you can insert a placeholder (?) where a column value would go, then use bind_param() to safely substitute that placeholder for the real column's value. This prevents any possibility of an SQL injection.
您可以在此处阅读有关 bind_param() 的更多信息.
相关文章