我是准备好的陈述的新手,所以如果这是一个基本问题我会提前道歉但是我如何将以下代码转换为预备语句并稍后执行呢?
<?php
$myQuery = "SELECT * FROM test WHERE ID=" . $_GET['ID'];
//run query
$result = $con->query($myQuery);
if (!$result) die('Query error: ' . mysqli_error($con));
?>
答案 0 :(得分:0)
查看http://www.w3schools.com/php/php_mysql_prepared_statements.asp,http://php.net/manual/en/mysqli.quickstart.prepared-statements.php(mysqli lib)或http://php.net/manual/en/pdo.prepared-statements.php(PDO lib)。
例如:
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Prepare statement
$stmt = $conn->prepare("SELECT * FROM test WHERE ID=?");
// set parameters
$stmt->bind_param("i", $_GET['ID']);
// execute
$stmt->execute();
// close resources
$stmt->close();
$conn->close();
答案 1 :(得分:0)
要拨打电话,您可以使用某些类似的;
$sCompanyCode = 'fkjahj12321';
$con = new PDO("connection string");
$sql = "SELECT CompanyID From Companies WHERE CompanyCode = :CompanyCode";
$st = $con->query( $sql );
$st->bindValue(":CompanyCode", $sCompanyCode, PDO::PARAM_STR);
$st->execute();
检索第一或单数结果;
if($row = $st->fetch()){
return (int)$row[0];
}
对于多个结果;
$aResults = array();
while ($row = $st->fetch()){
$aResults[] = $row;
}