doukang1962 2015-01-09 19:15
浏览 78
已采纳

准备好的陈述 - 我是否应该在没有(?)占位符的查询中使用php预处理语句?

It makes perfect sense to me to use prepared statements in a query of the following type:

$sqlQuery = "SELECT phone FROM contact WHERE name = ? ";

However, in the following situation, does it make sense and is it useful to use prepared statements, as sometimes seen?

$sqlQuery = "SELECT name FROM contact";

Thanks in advance

  • 写回答

2条回答 默认 最新

  • duanfu1942 2015-01-09 19:32
    关注

    If you are running a query without any user-entered variables, you can just do:

    $db->query("SELECT name FROM contact")

    As soon as you start entering in user-inputted data, then you need to use a prepared statement.

    $db->prepare("SELECT phone FROM contact WHERE name = ?");
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 虚幻5 UE美术毛发渲染
  • ¥15 CVRP 图论 物流运输优化
  • ¥15 Tableau online 嵌入ppt失败
  • ¥100 支付宝网页转账系统不识别账号
  • ¥15 基于单片机的靶位控制系统
  • ¥15 真我手机蓝牙传输进度消息被关闭了,怎么打开?(关键词-消息通知)
  • ¥15 装 pytorch 的时候出了好多问题,遇到这种情况怎么处理?
  • ¥20 IOS游览器某宝手机网页版自动立即购买JavaScript脚本
  • ¥15 手机接入宽带网线,如何释放宽带全部速度
  • ¥30 关于#r语言#的问题:如何对R语言中mfgarch包中构建的garch-midas模型进行样本内长期波动率预测和样本外长期波动率预测