一些用户输入,用于为查询分配值。
$builder_name = $_POST['name'];
$builder_city = $_POST['city'];
$builder_address = $_POST['address'];
$builder_contact = $_POST['contact'];
$builder_fax = $_POST['fax'];
我的脚本中有这个插入查询。
$query = "INSERT INTO builders SET builder_name='".$builder_name."', builder_city='".$builder_city."',builder_address='".$builder_address."',builder_phone='".$builder_contact."',builder_fax='".$builder_fax."',builder_logo='".$targetfile."'";
我想用准备声明保护它。我怎么能?