function get_articles_on_home(){
        global $connection;
        $query = "SELECT * FROM articles ORDER BY position ASC"
        $output = mysqli_query($connection, $query);
        confirm_query($output);
        return($output); 

    }

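Should I prepare this function securely, or encode the data, or is it fine as it is because the user isn't inputting anything at this point? If so, how should I do it? Thanks.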

1 Answer

Since you don't deal with any user input, there is no way of injecting your query, but you have a syntax error, probably a typo. You are missing a semicolon ; right after your query:

 $query = "SELECT * FROM articles ORDER BY position ASC"; //here was missing
Answered 2013-06-07T05:39:19.347
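
Added example (not part of the original question or answer): the constant query from the question beside two variants where request data does reach the SQL, showing where binding and allow-listing become necessary. It assumes an open `mysqli` connection with the mysqlnd driver; the `title` and `category_id` columns and the two extra function names are hypothetical.

```php
<?php
// Added example, not the asker's code. Assumes an open mysqli connection and
// an `articles` table with a `position` column (from the page) plus `title`
// and `category_id` columns (hypothetical, for illustration only).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors

// Case 1: constant query text. Nothing from the request is concatenated in,
// so there is nothing to bind or escape.
function get_articles_on_home(mysqli $connection): array
{
    $result = $connection->query("SELECT * FROM articles ORDER BY position ASC");
    return $result->fetch_all(MYSQLI_ASSOC);
}

// Case 2: a value from the request. Bind it as a parameter; never build the
// SQL string from it.
function get_articles_in_category(mysqli $connection, int $categoryId): array
{
    $stmt = $connection->prepare(
        "SELECT * FROM articles WHERE category_id = ? ORDER BY position ASC"
    );
    $stmt->bind_param("i", $categoryId);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC); // get_result needs mysqlnd
}

// Case 3: the sort column or direction comes from the request. Placeholders
// cannot bind identifiers or keywords, so map the input onto an allow-list
// and only ever interpolate values taken from that list.
function get_articles_sorted(mysqli $connection, string $sort, string $dir): array
{
    $columns   = ['position' => 'position', 'title' => 'title'];
    $column    = $columns[$sort] ?? 'position';           // unknown input -> default
    $direction = strtoupper($dir) === 'DESC' ? 'DESC' : 'ASC';
    $result = $connection->query(
        "SELECT * FROM articles ORDER BY $column $direction"
    );
    return $result->fetch_all(MYSQLI_ASSOC);
}
```

Output encoding is a separate step: values read from `articles` should still be passed through `htmlspecialchars()` when they are written into HTML, whichever of the three queries produced them.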