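How do I replace mysql_real_escape_string in PDO to keep my code secure:
(mysql_real_escape_string is no longer supported in PHP v7.x)
I would appreciate it if someone could provide an example for this line of code: " ORDER BY " . mysql_real_escape_string($order) . " LIMIT :numRows";
Full code below: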
    public static function getList( $numRows=1000000, $order="pageID ASC" ) {
        $conn = new PDO( DB_DSN, DB_USERNAME, DB_PASSWORD );
        $sql = "SELECT SQL_CALC_FOUND_ROWS *, UNIX_TIMESTAMP(pagePublicationDate) AS pagePublicationDate FROM web_pages
            ORDER BY " . mysql_real_escape_string($order) . " LIMIT :numRows";
        $st = $conn->prepare( $sql );
        $st->bindValue( ":numRows", $numRows, PDO::PARAM_INT );
        $st->execute();
        $list = array();
        while ( $row = $st->fetch() ) {
            $article = new cmsEngine( $row );
            $list[] = $article;
        }
        // Now get the total number of website pages that matched the criteria
        $sql = "SELECT FOUND_ROWS() AS totalRows";
        $totalRows = $conn->query( $sql )->fetch();
        $conn = null;
        return ( array ( "results" => $list, "totalRows" => $totalRows[0] ) );
    }
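
An added example, not part of the original post: ORDER BY takes column names and a direction, which a prepared statement cannot bind as parameters, so the value of $order is checked against an allowlist before it reaches the SQL text. The names buildOrderBy, SORTABLE_COLUMNS and getPageIds are hypothetical, and an in-memory SQLite table with constructed rows stands in for the MySQL database so the code runs offline (assumes the pdo_sqlite extension).

```php
<?php
// Columns callers may sort by. pageID and pagePublicationDate come from the
// question's query; extend the list to match the real table.
const SORTABLE_COLUMNS = ['pageID', 'pagePublicationDate'];

// Hypothetical helper: turns "column [ASC|DESC]" into a safe ORDER BY fragment.
function buildOrderBy(string $order, string $default = 'pageID ASC'): string
{
    $parts     = preg_split('/\s+/', trim($order));
    $column    = $parts[0] ?? '';
    $direction = strtoupper($parts[1] ?? 'ASC');

    if (count($parts) > 2
        || !in_array($column, SORTABLE_COLUMNS, true)
        || !in_array($direction, ['ASC', 'DESC'], true)) {
        return $default;            // anything off the allowlist is discarded
    }
    // Both pieces matched a fixed list, so only known constants reach the SQL.
    return "$column $direction";
}

// Hypothetical query function: identifiers via allowlist, values via binding.
function getPageIds(PDO $conn, int $numRows, string $order): array
{
    $sql = 'SELECT pageID FROM web_pages ORDER BY ' . buildOrderBy($order)
         . ' LIMIT :numRows';
    $st = $conn->prepare($sql);
    $st->bindValue(':numRows', $numRows, PDO::PARAM_INT);
    $st->execute();
    return $st->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed sample data (SQLite in memory instead of the question's MySQL).
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec('CREATE TABLE web_pages (pageID INTEGER, pagePublicationDate TEXT)');
$conn->exec("INSERT INTO web_pages VALUES
    (1, '2020-01-01'), (2, '2021-06-15'), (3, '2019-03-09')");

// An allowlisted sort is applied as requested.
print_r(getPageIds($conn, 2, 'pagePublicationDate DESC'));
// A constructed value that is not "column direction" falls back to the default.
print_r(getPageIds($conn, 2, 'pageID ASC, extra'));
```

In the question's getList(), the same helper would replace the mysql_real_escape_string($order) call while the :numRows binding stays as it is.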