我有一个将数据插入mysql数据库表的函数。如何使用mysqli预处理语句来确保值是安全的?
//Inserts a new row into the database.
//takes an array of data, where the keys in the array are the column names
//and the values are the data that will be inserted into those columns.
//$table is the name of the table.
public function insert($data, $table) {
$columns = "";
$values = "";
foreach ($data as $column => $value) {
$columns .= ($columns == "") ? "" : ", ";
$columns .= $column;
$values .= ($values == "") ? "" : ", ";
$values .= $value;
}
$sql = "insert into $table ($columns) values ($values)";
$this->mysqli->query($sql) or die(mysql_error());
//return the last ID used in the database.
return $this->mysqli->insert_id;
}