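I am a bit confused about MySQLi prepared statements. If you use a prepared statement, is the data escaped automatically, or does it still need to be escaped?
I have attached some code below. Based on this example, is the data escaped automatically, or do I have to do that as well?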
include("configi.php");
$stmt = $conn->prepare("INSERT INTO phx_userid (comp_name, email, password, user_sec_level, user_status, username, contact_name, comp_type, comp_system_option) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)");
$stmt->bind_param("sssiissss", $comp_name, $email_address, $password, $user_sec_level, $user_status, $email_address, $contact_name, $comp_type, $comp_system_option);
// set parameters and execute
$comp_name = $comp_name;
$email_address = $email_address;
$password = password_hash($password, PASSWORD_DEFAULT);
$user_sec_level = 600;
$user_status = 0;
$contact_name = $first_name . " " . $last_name;
$comp_type = "fintrack";
$comp_system_option = "standard";
$stmt->execute();
There are no errors; I just want to check that I am doing this right.
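An added example, not part of the original post: it binds the same constructed value twice with `bind_param`, once raw and once after `real_escape_string`, to show that bound parameters need no escaping and that escaping them first stores the backslashes as data. The connection details and the temporary table `demo_users` are assumptions made for the demonstration.

```php
<?php
// Added example, not the poster's code. Host, credentials, database and the
// table name demo_users are assumptions; the TEMPORARY table disappears when
// the connection closes.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$conn = new mysqli("localhost", "demo_user", "demo_pass", "demo_db");
$conn->set_charset("utf8mb4");

$conn->query("CREATE TEMPORARY TABLE demo_users (
    id INT AUTO_INCREMENT PRIMARY KEY,
    comp_name VARCHAR(100) NOT NULL,
    user_sec_level INT NOT NULL
)");

// Constructed input containing quote characters.
$input = "O'Brien \"Fin\" Ltd";

$stmt = $conn->prepare(
    "INSERT INTO demo_users (comp_name, user_sec_level) VALUES (?, ?)"
);
// Variables are bound by reference, so they can be assigned afterwards.
$stmt->bind_param("si", $name, $level);

// 1) Bind the raw value: it is sent separately from the SQL text,
//    so the quotes cannot change the statement.
$name  = $input;
$level = 600;
$stmt->execute();

// 2) Escape first, then bind: the escape characters are treated as
//    ordinary data and end up stored in the column.
$name = $conn->real_escape_string($input);
$stmt->execute();
$stmt->close();

// Compare what was stored against the original input.
$result = $conn->query("SELECT id, comp_name FROM demo_users ORDER BY id");
foreach ($result as $row) {
    $status = ($row["comp_name"] === $input)
        ? "intact"
        : "corrupted by extra escaping";
    printf("row %d: %s  [%s]\n", $row["id"], $row["comp_name"], $status);
}
```

Values read back from the database still need context-appropriate output encoding (for example `htmlspecialchars` when rendering HTML); that is a separate concern from SQL parameter binding.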