$user_name = "name";
$password = "password";
$database = "words";
$server = "host";
$db_handle = mysql_connect($server, $user_name, $password) or die (mysql_error());
$db_found = mysql_select_db($database, $db_handle) or die (mysql_error());
$randVerb = mysql_query("SELECT * FROM verbs ORDER BY RAND() LIMIT 1");
$db_field = mysql_fetch_assoc($randVerb);
$definition= $db_field['def'];
我已经读过为了防止SQL注入,所有MySQL语句实际上应该是我的mysqli和参数化。上面的代码连接到数据库,选择一个随机的'动词'行,然后使用mysql_fetch_assoc获取与'verb'行和def列(该动词的定义)相交的单元格。
如何从注入中将其转换为mysqli代码?我会在mysqli中使用mysql_fetch_assoc吗?