本文介绍了通过PDO进行参数化的SELECT查询?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
可能重复: 如何防止SQL注入?
Possible Duplicate: How to prevent SQL injection?
我试图弄清楚如何通过PDO进行SELECT来进行参数化查询,现在我有了以下代码:
I'm trying to figure out how to do a parameterized query via PDO doing a SELECT, and right now I've got this code:
function user_login($username, $password) { $conn = connection_getConnection(); $stmt = $conn->prepare("SELECT `password` FROM `users` WHERE `username` = :username"); $row = $stmt-> #WHAT DO I DO HERE? if (empty($row)) { } }所以,我在迷路的那条线上发表了评论.请从这里帮助我.
So, I placed a comment on the line I'm kind of lost on. Please help me out from here.
谢谢!
推荐答案PHP手册有一些很好的例子.
为您:
function user_login($username, $password) { $conn = connection_getConnection(); $sql = "SELECT `password` FROM `users` WHERE `username` = :username"; $stmt = $conn->prepare($sql, array(PDO::ATTR_CURSOR => PDO::CURSOR_FWDONLY)); $query = $stmt->execute(array(':username' => $username)); $rows = $query->fetchAll(); if (empty($rows)) { } }更多推荐
通过PDO进行参数化的SELECT查询?
发布评论