我有两个问题
下面的代码是练习反对 SQL 注入的好方法吗(它似乎可以作为插入方法工作)
如何在完整示例中放置此错误消息:
if (!mysqli_query($query,$link)) { die('Error: ' . mysqli_error()); }
这是完整的例子:
<?php
$link = mysqli_connect("localhost","root","", "runtracker");
if (!$link)
{
die('Could not connect: ' . mysqli_error());
}
$query="INSERT INTO userinfo (UserName) VALUES (?)";
if ($stmt = mysqli_prepare($link, $query)) {
// Lets create the variables
$name = $_POST['UserName'];
// Bind the variables and execute the query
mysqli_stmt_bind_param($stmt,"s", $name);
mysqli_stmt_execute($stmt);
// And now we close the statement
mysqli_stmt_close($stmt);
}
echo "1 record added";
mysqli_close($link);
?>