我决定在推荐之后使用PDO,我在下面找到了这个代码。那些代码足以防止SQl注入?班级是更好的选择吗?
<?
class database {
private $hostname;
private $database;
private $username;
private $password;
private $pdo;
function __construct($hostname, $database, $username, $password) {
$this->pdo = new PDO("mysql:host={$this->hostname};port={$this->port};dbname={$this->database}", $this->username, $this->password, array(PDO::ATTR_PERSISTENT => true));
} catch(PDOException $e) {
print "<b>Error - Connection Failed: </b>" . $e->getMessage() . "<br/>";
die();
}
}
public function query($query, $bind = null) {
global $pdo;
$this->statement = $this->pdo->prepare($query);
$this->statement->execute($bind);
}
$date = date("Y-m-d H:i:s", time());
$database->query('INSERT INTO users_inactive(verCode, username, password, email, date) VALUES (?, ?, ?, ?, ?)', array($verCode, $username, $password, $email, $date));
$success[] = "You account has been created!";
?>
答案 0 :(得分:1)
此代码包含语法错误,简写和全局变量。不,使用起来不够好。