[英]Prepared Statements MYSQL to MYSQLI
如何將以下過時的代碼行更改為准備好的語句,我試過通過閱讀一些教程,但我似乎無法理解?
$result = mysql_query("SELECT * from asset_records WHERE a_catagory LIKE '%Desktop%' GROUP BY a_make;") or die(mysql_error());
while($row = mysql_fetch_array( $result )) {
echo '<li>';
echo "<a href='index.php? sc1=Desktop & sc2=a_make & sc3=". $row['a_make'] ."'>";
echo ' <span> ' . $row['a_make'] . '</span></a></td></li>'; }
echo "</ul></li>";
謝謝
通常,在接受用戶輸入時使用預准備語句。
在這種情況下,您不接受任何用戶輸入,因此您只需要標准查詢,因為不存在SQL注入的風險。
$mysqli = new mysqli('host', 'user', 'pass', 'db');
$result = $mysqli->query("SELECT * from asset_records WHERE a_catagory LIKE '%Desktop%' GROUP BY a_make");
if($result):
while($row = $result->fetch_array(MYSQLI_ASSOC)):
echo '<li>';
echo "<a href='index.php? sc1=Desktop & sc2=a_make & sc3=". $row['a_make'] ."'>";
echo ' <span> ' . $row['a_make'] . '</span></a></td></li>'; }
echo "</ul></li>";
endwhile;
endif;
對於PDO(如果你改變主意):
$conn = new PDO("mysql:host=your_host;dbname=your_db",$user,$pass);
$query = "SELECT * FROM asset_records WHERE a_category LIKE '%Desktop%' GROUP BY a_make";
$result = $connection->prepare($query);
$result->execute();
while($row = $result->fetch()) {
// DATA HERE
}
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.