Escape arguments for PDO statements?
Question
New to PDO - do I need to escape arguments I'm passing into a PDO prepared statement (such as the following):
$_GET['name'] = "O'Brady";
$sth = $dbh->prepare("INSERT INTO users SET name = :name");
$sth->bindParam(':name', $_GET['name']);
$sth->execute();
Recommended answer
No. Neither do you need any quotation marks around text strings. Just pass in the variables as they are and the MySQL driver will take care of the rest.
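An added example, not part of the original question or answer, showing that bound values are stored verbatim and that escaping them first corrupts the data. It assumes the pdo_sqlite extension and uses an in-memory SQLite database in place of the page's MySQL connection; the table layout, the sample names and the `orderByColumn` helper are constructed for illustration.

```php
<?php
// Added example: SQLite in-memory stands in for the MySQL connection on the page
// so the script runs offline (requires the pdo_sqlite extension).
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');

// Constructed sample inputs: a legitimate apostrophe and a value shaped like SQL.
$names = ["O'Brady", "Robert'); DROP TABLE users;--"];

// Portable INSERT syntax; the placeholder carries no quotation marks.
$sth = $dbh->prepare('INSERT INTO users (name) VALUES (:name)');
foreach ($names as $name) {
    // Bound as data, passed in as-is with no escaping.
    $sth->execute([':name' => $name]);
}

// Both values come back byte-for-byte and the table is still there.
$stored = $dbh->query('SELECT name FROM users ORDER BY id')->fetchAll(PDO::FETCH_COLUMN);
var_dump($stored === $names);

// Escaping before binding is a bug, not extra safety:
// the backslash added by addslashes() is stored as part of the name.
$sth->execute([':name' => addslashes("O'Brady")]);
$last = $dbh->query('SELECT name FROM users ORDER BY id DESC LIMIT 1')->fetchColumn();
var_dump($last);

// Placeholders bind values only. Identifiers such as a sort column cannot be
// bound, so they are checked against a fixed allow-list instead.
function orderByColumn(string $requested): string
{
    $allowed = ['id', 'name'];
    if (!in_array($requested, $allowed, true)) {
        throw new InvalidArgumentException('unsupported sort column');
    }
    return $requested;
}

$col = orderByColumn('name');
$rows = $dbh->query("SELECT name FROM users ORDER BY $col")->fetchAll(PDO::FETCH_COLUMN);
print_r($rows);
```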