$res = $mysqli->query("SELECT torrents.seeders, torrents.tube, torrents.banned, torrents.leechers, torrents.anonymous, torrents.info_hash, torrents.filename, torrents.last_reseed, LENGTH(torrents.nfo) AS nfosz, UNIX_TIMESTAMP() - UNIX_TIMESTAMP(torrents.last_action) AS lastseed, torrents.numratings, torrents.name, torrents.description, IF(torrents.numratings < $minvotes, NULL, ROUND(torrents.ratingsum / torrents.numratings, 1)) AS rating, torrents.owner, torrents.save_as, torrents.allow_comments, torrents.descr, torrents.visible, torrents.size, torrents.added, torrents.views, torrents.times_completed, torrents.id, torrents.free, torrents.type, torrents.numfiles, torrents.poster, torrents.url, categories.name AS cat_name, users.username, groups.image FROM torrents LEFT JOIN categories ON torrents.category = categories.id LEFT JOIN users ON torrents.owner = users.id LEFT JOIN groups ON users.groups = groups.id WHERE torrents.id = " . sqlesc($id)) or sqlerr(__FILE__, __LINE__);
$row = mysqli_fetch_assoc($res);
如何准备此查询? 用于防止sql注入。
我试试这个:
$res = $mysqli->prepare('SELECT torrents.seeders WHERE torrents.id = :id');
if ($res->execute(array(':id', $id ))) {
var_dump($res->fetchAll());
}