Php PDO优化 [英] Php PDO optimization

问题描述

大家好，



只是想知道我是做得对还是下面的PHP pdo代码可以优化？



忘了提到我现在使用stripslashes和bind param ..现在从sql注入安全吗？如有任何更好的优化，请随时评论。



我尝试过：

Hi Everyone,

Just wondering if I am doing it right or the PHP pdo code below can be optimized?

Forgot to mentioned i used stripslashes and bind param now.. is it safe now from sql injection? please feel free to comment for any better optimization.

What I have tried:

// Secure and sanitize post variables.
$start = trim(stripslashes($_POST['start']));
$end = trim(stripslashes($_POST['list_records']));
$total_RowCount = trim(stripslashes($_POST['total_records']));


<pre><$stmt = $db->prepare("SELECT a,b,c FROM employees ORDER BY emp_no DESC LIMIT ?,?");
$stmt->bindParam(1, $start,PDO::PARAM_INT);
$stmt->bindParam(2, $end,PDO::PARAM_INT);
$stmt->execute();
$data = $stmt->fetchAll();

推荐答案

start = trim（stripslashes（

start = trim(stripslashes(

_POST ['start']））;

_POST['start']));

end = trim（stripslashes（

end = trim(stripslashes(

这篇关于Php PDO优化的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！