问号在MySQL中"WHERE column =?"的意义是什么? [英] What is the question mark's significance in MySQL at "WHERE column = ?"?

问题描述

我要剖析一些代码，并碰到它，

I am dissecting some code and came across this,

$sql = 'SELECT page.*, author.name AS author, updator.name AS updator '
     . 'FROM '.TABLE_PREFIX.'page AS page '
     . 'LEFT JOIN '.TABLE_PREFIX.'user AS author ON author.id = page.created_by_id '
     . 'LEFT JOIN '.TABLE_PREFIX.'user AS updator ON updator.id = page.updated_by_id '
     . 'WHERE slug = ? AND parent_id = ? AND (status_id='.Page::STATUS_REVIEWED.' OR status_id='.Page::STATUS_PUBLISHED.' OR status_id='.Page::STATUS_HIDDEN.')';

我想知道"是什么?在WHERE语句中执行.是某种参数持有人吗?

I am wondering what the "?" does in the WHERE statement. Is it some sort of parameter holder?

推荐答案

准备好的陈述使用?"在MySQL中允许将参数绑定到语句.如果使用得当，则高度认为可以更安全地防止SQL注入.这也可以加快SQL查询的速度，因为该请求只需要编译一次即可重用.

Prepared statments use the '?' in MySQL to allow for binding params to the statement. Highly regarded as more secure against SQL injections if used properly. This also allows for quicker SQL queries as the request only has to be compiled once and can be reused.

这篇关于问号在MySQL中"WHERE column =?"的意义是什么?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！