基本上,我想保护自己免受SQL注入的侵害。我曾尝试过在线搜索和观看视频,但无法确切了解我必须更改的内容,因为据我所知,每个人的操作都有些不同。任何帮助表示赞赏!
?php
// Create connection
$con = mysqli_connect("IPAddress","User","Password","DBName");
// Check connection
if ($con->connect_error) {
die("Connection failed: " . $con->connect_error);
}
$sql = "INSERT INTO Email_Subs (email)
VALUES ('$_POST[email]')";
if ($con->query($sql) === TRUE) {
echo "You have successfully subscribed!";
} else {
echo "Error: " . $sql . "<br>" . $con->error;
}
$con->close();
?>
答案 0 :(得分:1)
必须首先使用新的mysqli()而不是mysqli_connect(),以避免在以后的PHP版本中出现任何错误
<?php
/* CONNECTION */
$database_connection = new StdClass();
/** MySQL hostname */
$database_connection->server = 'localhost';
/** MySQL database username */
$database_connection->username = 'root';
/** MySQL database password */
$database_connection->password = '';
/** The name of the database */
$database_connection->name = 'yourdatabasename';
/* ESTABLISHING THE CONNECTION */
$database = new mysqli($database_connection->server, $database_connection->username, $database_connection->password, $database_connection->name);
if($database->connect_error) {
echo 'connection failed';
}
?>
然后做这样的事情:
$stmt = $database->prepare("INSERT INTO Email_Subs (email) VALUES (?)");
$stmt->bind_param("s", $_POST[email]);
$stmt->execute();
$stmt->close();
$database->close();