通过PDO进行参数化的SELECT查询? [英] Parameterized SELECT queries via PDO?
本文介绍了通过PDO进行参数化的SELECT查询?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
可能重复:
如何防止SQL注入?
Possible Duplicate:
How to prevent SQL injection?
我试图弄清楚如何通过PDO进行SELECT来进行参数化查询,现在我有了以下代码:
I'm trying to figure out how to do a parameterized query via PDO doing a SELECT, and right now I've got this code:
function user_login($username, $password) {
$conn = connection_getConnection();
$stmt = $conn->prepare("SELECT `password` FROM `users` WHERE `username` = :username");
$row = $stmt-> #WHAT DO I DO HERE?
if (empty($row)) {
}
}
所以,我在迷路的那条线上发表了评论.请从这里帮助我.
So, I placed a comment on the line I'm kind of lost on. Please help me out from here.
谢谢!
推荐答案
PHP手册有一些很好的例子.
为您:
function user_login($username, $password) {
$conn = connection_getConnection();
$sql = "SELECT `password` FROM `users` WHERE `username` = :username";
$stmt = $conn->prepare($sql, array(PDO::ATTR_CURSOR => PDO::CURSOR_FWDONLY));
$query = $stmt->execute(array(':username' => $username));
$rows = $query->fetchAll();
if (empty($rows)) {
}
}
这篇关于通过PDO进行参数化的SELECT查询?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文