dav*_*ave 1 php mysql parameterized
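[Status: learner]
I am trying to implement a parameterized query, but I am running into problems. Jonathan Sampson recently hinted at how this could be done (#2286115), but I am not following his suggestion correctly. Here is my script: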
```php
$cGrade = "grade" ;
include_once ( "db_login.php" ) ;
$sql = "SELECT last_name AS last_name
, first_name AS first_name
, grade AS gr
, ethnic AS eth
, sex AS sex
, student_id AS id_num
, reason AS reason
, mon_init AS since
FROM t_tims0809
WHERE tag <> '' AND
tag IS NOT NULL AND
schcode = {$schcode}
ORDER
BY ('%s') " ;
$qResult = mysql_query ( sprintf ( $sql, $cGrade ) or ( "Error: " . mysql_error() ) ) ;
```
The query works fine with grade in the ORDER BY phrase.
Thanks.

Take a look at the MySQLi prepared statement class:
```php
$query = "INSERT INTO myCity (Name, CountryCode, District) VALUES (?,?,?)";
$stmt = $mysqli->prepare($query);
$stmt->bind_param("sss", $val1, $val2, $val3);
$val1 = 'Stuttgart';
$val2 = 'DEU';
$val3 = 'Baden-Wuerttemberg';
/* Execute the statement */
$stmt->execute();
```
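From the PHP manual.
I find this a superior way of doing parameterized queries, and I have switched to prepared statements, especially during bulk inserts/selects.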
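An added example, not part of the original question or answer: placeholders bind values only, so a column name substituted as `ORDER BY ('grade')` (or bound to a `?`) is treated as a constant string and the rows are not sorted by that column. The sketch below binds `schcode` as a parameter and selects the sort column from a fixed allowlist. The table and column names are taken from the question, while the function names, the sortable set and the `mysqli` handle are assumptions.

```php
<?php
// Added example. Table/column names come from the question; SORTABLE,
// the function names and the mysqli handle are assumptions.

// Identifiers cannot be bound as parameters, so map caller-facing sort keys
// to fixed column names and reject everything else.
const SORTABLE = [
    'grade'     => 'grade',
    'last_name' => 'last_name',
    'since'     => 'mon_init',
];

function build_student_query(string $sortKey, string $direction = 'ASC'): string
{
    if (!array_key_exists($sortKey, SORTABLE)) {
        throw new InvalidArgumentException("Unsupported sort key: $sortKey");
    }
    $dir = strtoupper($direction) === 'DESC' ? 'DESC' : 'ASC';
    // Only allowlisted text is concatenated; schcode stays a placeholder.
    return "SELECT last_name, first_name, grade AS gr, ethnic AS eth, sex,
                   student_id AS id_num, reason, mon_init AS since
              FROM t_tims0809
             WHERE tag <> '' AND tag IS NOT NULL AND schcode = ?
             ORDER BY " . SORTABLE[$sortKey] . " $dir";
}

function fetch_students(mysqli $db, string $schcode, string $sortKey): array
{
    $stmt = $db->prepare(build_student_query($sortKey));
    if ($stmt === false) {
        throw new RuntimeException('Prepare failed: ' . $db->error);
    }
    $stmt->bind_param('s', $schcode);   // the value travels separately from the SQL text
    $stmt->execute();
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);   // get_result() needs mysqlnd
    $stmt->close();
    return $rows;
}

// Offline check of the query builder (no database connection needed).
echo build_student_query('grade'), PHP_EOL;
try {
    build_student_query('grade; --');   // constructed input outside the allowlist
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```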