$sql = "INSERT INTO users(user_name, user_pass, user_email, user_date, user_level)
VALUES('" . mysql_real_escape_string($_POST['user_name']) . "'
, '" . sha1($_POST['user_pass']) . "'
, '" . mysql_real_escape_string($_POST['user_email']) . "'
, now(), 0)";
$result = mysql_query($sql);
答案 0 :(得分:1)
// configuration
$dbtype = "sqlite";
$dbhost = "localhost";
$dbname = "test";
$dbuser = "root";
$dbpass = "admin";
// database connection
$conn = new PDO("mysql:host=$dbhost;dbname=$dbname",$dbuser,$dbpass);
$user_name='Mohoni';
$user_pass='mohinipass';
$user_email='mohini@yopmail.com';
$user_date='2014-03-21';
$user_level='first';
// query
$sql = "INSERT INTO users (user_name,user_pass,user_email,user_date,user_level)
VALUES (:user_name,:user_pass,:user_email,:user_date,:user_level)";
$q = $conn->prepare($sql);
$q->execute(array(':user_name'=>$user_name,
':user_pass'=>$user_pass,
':user_email'=>$user_email,
':user_date'=>$user_date,
':user_level'=>$user_level));
您可以使用$conn->quote作为字符串,如下所示:
$conn->quote($user_name);