SQL选择查询与表单数据
[英]SQL select query with form data
问题描述
I would like to know if there is an alternative to the following(PLEASE NOTE I AM NOT WORRIED ABOUT SECURITY RIGHT NOW) 
我想知道是否还有以下替代方法(请注意,现在我不担心安全问题)
$value = $_GET['id'];
$query = "SELECT * from users WHERE username = '$value'";
So instead of having $value in apostrophes can we use it in the SQL statements without having to use the apostrophes and use and alternative? 因此,除了在撇号中使用$ value之外,我们还可以在SQL语句中使用它,而不必使用撇号以及使用和替代吗?
1 个解决方案
解决方案1
0 2013-12-12 20:31:40
You want to use bind variables. 您要使用绑定变量。 Refer to the documentation for an example (that's an Oracle example, but other DB's should be similar). 请参考文档中的示例(这是一个Oracle示例,但是其他数据库应该相似)。
Bind variables will also help your application performance with most databases, since the query plan can be reused if you are executing multiple queries of this type. 绑定变量还可以帮助您提高大多数数据库的应用程序性能,因为如果您正在执行此类型的多个查询,则可以重新使用查询计划。
Since you updated your answer to indicate you were using MySQL, refer here for an example of bind variables for that DB. 由于更新了答案以表明您正在使用MySQL,因此请在此处参考该数据库的绑定变量示例。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.