有人可以更正此语句来停止sql注入, 我已阅读了很多答案,但不明白该怎么做。
$conn = new mysqli($servername, $username, $password,
$dbname);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "UPDATE daydxx SET $T1 ='$Dsc', $T2 = '$SV' WHERE date = '$Dt' AND
$T1 = '' OR date = '$Dt' AND $T1 IS NULL ";
if ($conn->query($sql) === TRUE) { etc etc