标签:
1.预处理语句中使用占位符,分为 索引方式 和 关联方式
a.索引方式:
$pdo=new PDO($dns,$username,$password,$options);
$sql=‘select * from tests where username=?,password=?‘;
$stmt=$pdo->prepare($sql);
$stmt->execute(array($username,$password));
b.关联方式:
$pdo=new PDO($dns,$username,$password,$options);
$sql=‘select * from tests where username=:username,password=:password‘;
$stmt=$pdo->prepare($sql);
$stmt->execute(array(‘:username‘=>$username,‘:password‘=>$password));
2.更灵活的预处理方式
a.使用bindParam()绑定参数,参数只可使用变量,不可使用值
$pdo=new PDO($dns,$username,$password,$options);
$sql=‘select * from tests where username=:username,password=:password‘;
$stmt=$pdo->prepare($sql);
$stmt->bindParam(‘:username‘,$username);
$stmt->bindParam(‘:password‘,$password);
$stmt->execute();
b.使用bindValue()绑定参数,参数可使用值
$pdo=new PDO($dns,$username,$password,$options);
$sql=‘select * from tests where username=?,password=?;
$stmt=$pdo->prepare($sql);
$stmt->bindParam(1$username);
$stmt->bindParam(2,$password);
$stmt->execute();
标签:
原文地址:http://www.cnblogs.com/xxlleworld/p/5729158.html
