慕村225694
您可以这样写:$qry = "SELECT * FROM mytable where userid='";$qry.= mysql_real_escape_string($_GET['userid'])."' AND category='";
$qry.= mysql_real_escape_string($_GET['category'])."' ORDER BY id DESC";但是要使用准备好的语句,最好使用泛型库,如PDO<?php /* Execute a prepared statement by passing an array of values */$sth = $dbh->prepare('SELECT * FROM mytable where userid=? a
nd category=?
order by id DESC');$sth->execute(array($_GET['userid'],$_GET['category']));
//Consider a while and $sth->fetch() to fetch rows one by one$allRows = $sth->fetchAll(); ?>或者,使用米斯里<?php
$link = mysqli_connect("localhost", "my_user", "my_password", "world");/* check connection */if (mysqli_connect_errno()) {
printf("Connect failed: %s\n", mysqli_connect_error());
exit();}$category = $_GET['category'];$userid = $_GET['userid'];/* create a prepared statement */if
($stmt = mysqli_prepare($link, 'SELECT col1, col2 FROM mytable where
userid=? and category=? order by id DESC')) {
/* bind parameters for markers */
/* Assumes userid is integer and category is string */
mysqli_stmt_bind_param($stmt, "is", $userid, $category);
/* execute query */
mysqli_stmt_execute($stmt);
/* bind result variables */
mysqli_stmt_bind_result($stmt, $col1, $col2);
/* fetch value */
mysqli_stmt_fetch($stmt);
/* Alternative, use a while:
while (mysqli_stmt_fetch($stmt)) {
// use $col1 and $col2
}
*/
/* use $col1 and $col2 */
echo "COL1: $col1 COL2: $col2\n";
/* close statement */
mysqli_stmt_close($stmt);}/* close connection */mysqli_close($link);?>
5204
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
