
I am surprised to find out that this hasn't been asked.

Also, is either enough to protect against SQL injection?

Thank you


1 Answer


I'm guessing you're using mysql or mysqli; you should switch over to PDO and use prepared statements instead of escaping it.

As requested. You should have a look at this site.

<?php
// Open the connection through PDO (the DSN and credentials shown are placeholders).
$DBH = new PDO('mysql:host=localhost;dbname=app', 'db_user', 'db_password');
$DBH->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$username = $_POST['username'];
$password = $_POST['password'];
// The SQL text is fixed at prepare() time; the values are sent separately as
// parameters, so whatever they contain cannot change the structure of the query.
$STH = $DBH->prepare("INSERT INTO users (username, password) values (:username, :password)");
$STH->bindParam(':username', $username);
$STH->bindParam(':password', $password);
$STH->execute();
?>
answered 2013-04-24T06:43:42.537
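The following is an added example, not the answerer's code, that puts the string-built query the answer warns against next to the prepared statement it recommends. It runs offline against an in-memory SQLite database (the pdo_sqlite extension is assumed) and uses a constructed, entirely legitimate username containing a quote character: the spliced-together query fails to parse, while the prepared statement stores the row correctly because the value never becomes part of the SQL text. The function names and the table layout are this example's own assumptions.

```php
<?php
// Added example: string-built SQL versus a PDO prepared statement.
// Assumes the pdo_sqlite extension; the table and function names are made up here.

$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE users (username TEXT NOT NULL, password TEXT NOT NULL)');

// Constructed sample input: an ordinary name that happens to contain a quote.
$username = "O'Brien";
$password = 'correct horse battery staple';

// Unsafe: the input is interpolated into the SQL text, so the quote inside
// "O'Brien" closes the string literal early and the statement no longer
// parses as the author intended. Any input that can reach this string can
// reshape the query in the same way.
function insertUnsafe(PDO $dbh, string $username, string $password): bool
{
    $sql = "INSERT INTO users (username, password) VALUES ('$username', '$password')";
    try {
        $dbh->exec($sql);
        return true;
    } catch (PDOException $e) {
        echo "Unsafe insert failed: " . $e->getMessage() . "\n";
        return false;
    }
}

// Safe: the SQL text is fixed when prepare() is called; the values travel to
// the database separately as parameters and are never parsed as SQL, whatever
// characters they contain.
function insertSafe(PDO $dbh, string $username, string $password): bool
{
    $sth = $dbh->prepare('INSERT INTO users (username, password) VALUES (:username, :password)');
    $sth->bindValue(':username', $username);
    // Store a password hash rather than the plaintext value.
    $sth->bindValue(':password', password_hash($password, PASSWORD_DEFAULT));
    return $sth->execute();
}

insertUnsafe($dbh, $username, $password);
insertSafe($dbh, $username, $password);

// Only the rows that were actually inserted are counted here.
$count = $dbh->query('SELECT COUNT(*) FROM users')->fetchColumn();
echo "Rows stored: $count\n";
```

The point of the contrast is that the prepared statement does not depend on escaping at all: there is no character the caller has to remember to neutralise, because the database driver never treats the bound value as part of the statement. Escaping functions only help when every interpolated value is escaped correctly, with the right function for the connection's character set, every time.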