A note on MySQL "parameterized" queries in PHP. Strictly speaking, the two snippets below do not parameterize anything: they escape the user-supplied value and splice it into the SQL text with sprintf. That is only sound while the placeholder sits inside a quoted string literal, and it depends on the connection's character set. True parameterized queries are prepared statements (mysqli_prepare or PDO::prepare), where the SQL is sent separately from the values.
Using the old mysql_* functions (this extension was removed in PHP 7.0; shown for reference only):
// $Username / $Password come from the request. mysql_real_escape_string needs an open
// connection (it uses the connection's charset); without one it returns false.
$link = mysql_connect('localhost', 'db_user', 'db_password'); // placeholder credentials
mysql_select_db('app_db', $link);                            // placeholder database name
$query = sprintf("SELECT * FROM Users WHERE UserName='%s' AND Password='%s'",
    mysql_real_escape_string($Username, $link),  // only safe because %s sits inside quotes
    mysql_real_escape_string($Password, $link));
$result = mysql_query($query, $link);
An example using the mysqli functions (still escaping plus string interpolation, not a prepared statement):
// Placeholder credentials and database name; the original connected as root with an
// empty password, which an application should never do.
$con = mysqli_connect('localhost', 'db_user', 'db_password', 'app_db');
$id = 1; // in practice this comes from the request, e.g. $_GET['id']
// Escaping only neutralises quote and backslash characters, so the quotes around %s are
// what make this safe; "where id=%s" without quotes could be injected with 1 OR 1=1.
$query = sprintf("SELECT * FROM users WHERE id='%s'", mysqli_real_escape_string($con, $id));
$result = mysqli_query($con, $query);
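For comparison, here is the same lookup and the login query done as real parameterized queries, once with mysqli prepared statements and once with PDO. This is an added example, not code from the original note. It assumes a MySQL/MariaDB server reachable with the hypothetical credentials app_user/app_password, a database app_db, and a table users(id INT, UserName VARCHAR, PasswordHash VARCHAR) whose PasswordHash column holds password_hash() output; the function names findUserById, findUserByName and login are likewise made up for the example.

```php
<?php
// Added example: prepared statements in place of escape-and-sprintf.
// Assumed (hypothetical) connection details and schema; see the lead-in.
declare(strict_types=1);

$host = 'localhost';
$user = 'app_user';      // assumption, not the note's root account
$pass = 'app_password';  // assumption
$db   = 'app_db';        // assumption

// 1. mysqli prepared statement. The SQL text is sent to the server once; the value
//    is bound separately and is never part of the statement text, so there is no
//    quoting context for an attacker to escape from.
function findUserById(mysqli $con, int $id): ?array
{
    $stmt = $con->prepare('SELECT id, UserName FROM users WHERE id = ?');
    $stmt->bind_param('i', $id);           // 'i' binds an integer
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc(); // get_result() needs the mysqlnd driver (the default)
    $stmt->close();
    return $row ?: null;
}

// 2. PDO with a named placeholder. Emulated prepares are switched off below so that
//    the server, not the client library, performs the binding.
function findUserByName(PDO $pdo, string $username): ?array
{
    $stmt = $pdo->prepare('SELECT id, UserName, PasswordHash FROM users WHERE UserName = :name');
    $stmt->execute([':name' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// 3. The login from the first snippet, rewritten. The password is not put into the
//    query at all: fetch the row by name, then compare against the stored hash.
function login(PDO $pdo, string $username, string $password): bool
{
    $row = findUserByName($pdo, $username);
    return $row !== null && password_verify($password, $row['PasswordHash']);
}

// Turn mysqli failures into exceptions instead of silent false returns
// (this is already the default from PHP 8.1 on).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$con = mysqli_connect($host, $user, $pass, $db);
$con->set_charset('utf8mb4');

$pdo = new PDO("mysql:host=$host;dbname=$db;charset=utf8mb4", $user, $pass, [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,
]);

// Constructed inputs: one ordinary value and one classic injection attempt.
var_dump(findUserById($con, 1));
var_dump(findUserByName($pdo, "admin' OR '1'='1"));  // matches only a user literally named that
var_dump(login($pdo, 'admin', 'hunter2'));
```

The difference from the escaping versions is structural rather than a matter of careful quoting: with mysqli_real_escape_string the value still ends up inside the SQL string, so a placeholder that is not wrapped in quotes (WHERE id=%s) or a mismatched connection charset can undo the protection, whereas a bound parameter is transmitted as data and cannot change the statement's parse tree regardless of its contents.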