我想知道如何将此查询转换为预准备语句。我是否必须将两者转换为准备好的声明(最好的情况是如果你知道面向对象的风格,但另一个也没关系......)?我完全不知道如何做到这一点,因为通常你在准备好的语句中立即获取数组,这样你就可以关闭它们,不是吗?
如果没有办法,你有什么方法吗?
PHP:
$queryinquery = "SELECT `followed` FROM `follows` WHERE `follower` = '$username'";
$query1 = mysqli_query($db, "
SELECT * FROM `whatever` WHERE `id` IN ($queryinquery) ORDER BY `id` DESC LIMIT 10;
");
答案 0 :(得分:1)
试试这个。
<?php
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "myDB";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
// prepare and bind
$stmt = $conn->prepare("SELECT * FROM `whatever` WHERE `id` IN (SELECT `followed` FROM `follows` WHERE `follower` = ?) ORDER BY `id` DESC LIMIT 10");
$stmt->bind_param("s", $username);
// set parameters and execute
$username= "John";
$stmt->execute();
// fetch your data code here
$stmt->close();
$conn->close();
?>