php – PDO编写语句,正确使用?
发布时间:2020-05-25 09:14:03 所属栏目:PHP 来源:互联网
导读:我只需要确保我已正确获得PDO准备语句,SQL注入是否可以保护以下代码? $data[username] = $username;$data[password] = $password;$data[salt] = $this-generate_salt();$data[email] = $email;$sth = $this-db-prepare(INSERT I
|
我只需要确保我已正确获得PDO准备语句,SQL注入是否可以保护以下代码? $data['username'] = $username;
$data['password'] = $password;
$data['salt'] = $this->generate_salt();
$data['email'] = $email;
$sth = $this->db->prepare("INSERT INTO `user` (username,password,salt,email,created) VALUES (:username,:password,:salt,:email,NOW())");
$sth->execute($data);
是的,您的代码是安全的.但它可以缩短:
$data = array( $username,$password,$this->generate_salt(),$email );
// If you don't want to do anything with the returned value:
$this->db->prepare("
INSERT INTO `user` (username,created)
VALUES (?,?,NOW())
")->execute($data); (编辑:安卓应用网) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |