Examples of parameterized queries


Question

Could anyone give me examples of how to use parameterized queries with MySQL/PHP please?

Answer

A parameterized query is essentially a query which abstracts away all the input. This has several good side effects, like making all input harmless (i.e. no harmful injections are possible) and making it faster when used repeatedly, since it is pre-parsed and compiled, so the engine knows how to apply the input given. An example in pure MySQL is:

PREPARE qry FROM "INSERT INTO tbl VALUES (?)";

The statement is now compiled and cached, and can be executed repeatedly without needing to recompile and interpret it:

SET @var = "some input";
EXECUTE qry USING @var;
SET @var = "some other input";
EXECUTE qry USING @var;

When used in PHP, it's usually like this (shortened):

// PDO form of the shorthand above; $pdo is an open PDO connection to the MySQL database
$stmt = $pdo->prepare('INSERT INTO tbl VALUES(?)');
$stmt->execute(array("some input"));
$stmt->execute(array("some other input"));
$stmt->execute(array("some more input"));
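As an added example (not part of the original answer), here is the shortened PHP snippet written out as a complete PDO script that also shows why the parameterization matters: the same lookup is run once by string concatenation and once with a bound parameter, against an attacker-style input. It uses an in-memory SQLite database so that it runs offline; the `tbl` table comes from the answer, while the `name` column, the sample rows and the malicious input are constructed for the demo. For MySQL only the DSN changes.

```php
<?php
// Added example, not code from the original answer. SQLite is used only so
// the script runs offline; for MySQL swap the DSN, e.g.
//   new PDO('mysql:host=localhost;dbname=app', $user, $pass, $opts)
// Table name tbl is taken from the answer; the column name `name`, the
// sample rows and the malicious input below are assumptions for the demo.

$opts = [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION];
$db = new PDO('sqlite::memory:', null, null, $opts);
$db->exec('CREATE TABLE tbl (name TEXT NOT NULL)');

// Prepare once, execute many times: the values never become part of the
// SQL text, so the engine compiles the statement a single time.
$ins = $db->prepare('INSERT INTO tbl VALUES (?)');
foreach (["some input", "some other input", "some more input"] as $v) {
    $ins->execute([$v]);
}

// Attacker-controlled input (constructed for the demo). Spliced into a
// quoted string it closes the literal and appends an always-true clause.
$userInput = "x' OR '1'='1";

// Unsafe: string concatenation. The resulting SQL is
//   SELECT COUNT(*) FROM tbl WHERE name = 'x' OR '1'='1'
// which matches every row in the table.
$unsafe = $db->query("SELECT COUNT(*) FROM tbl WHERE name = '$userInput'")
             ->fetchColumn();

// Safe: the same lookup as a parameterized query. The input is compared
// as one literal string, quotes and all, so no row matches.
$safeStmt = $db->prepare('SELECT COUNT(*) FROM tbl WHERE name = ?');
$safeStmt->execute([$userInput]);
$safe = $safeStmt->fetchColumn();

printf("concatenated: %d rows, parameterized: %d rows\n", $unsafe, $safe);
```

Run it with `php` (pdo_sqlite is enabled in standard builds); the concatenated query matches all three rows while the parameterized one matches none. With pdo_mysql, also pass `PDO::ATTR_EMULATE_PREPARES => false` in `$opts` so the statement is prepared on the server, matching the PREPARE/EXECUTE shown above; the default emulation instead quotes and splices the values client-side, which is still injection-safe but is not the server-side compile the answer describes.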

