我得到以下代码:
// If user access item through link
if(isset($_POST["v"])) {
require "connect.php";
$v = $_POST['v'];
$sql = "SELECT * FROM videos WHERE videoID=?;";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
echo'Sql Error';
exit();
}
else {
mysqli_stmt_bind_param($stmt, "i", $v);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
if (($row = mysqli_fetch_assoc($result)) && !preg_match("/[a-zA-Z]/", $v)) { ?>
Title <?php echo $row['Title']; ?> exists
}
else { ?>
Title does not exist
}
}
}
// If user clicks on item
if(isset($_POST["itemid"])) {
require "connect.php";
$itemid = $_POST['itemid'];
$sql = "SELECT * FROM videos WHERE videoID=?;";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
echo'Sql Error';
exit();
}
else {
mysqli_stmt_bind_param($stmt, "i", $itemid);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
if (($row = mysqli_fetch_assoc($result)) && !preg_match("/[a-zA-Z]/", $itemid)) { ?>
Title <?php echo $row['Title']; ?> exists
}
else { ?>
Title does not exist
}
}
}
如您所见,两个Isset if非常相似,我想知道是否存在将两者结合的解决方案,这样我就不必两次写相同的结果,也是否有人想就sql注入安全性提供反馈在我的代码上将受到欢迎!
这也是我在这里的第一个问题,因此,如果您需要我详细说明一下,请告诉我。