Updated: 2023-01-30 07:42:17
If you're using PDO, you should not be using mysql_real_escape_string. The PDO library has a very robust SQL placeholder method that does a much better job.
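// Use prepare(), not query(): query() executes immediately, before :username is bound.
$STH = $dbh->prepare("SELECT * FROM tblusers WHERE username = :username");
$STH->bindParam(':username', $username);
// The statement only runs, with the bound value, when execute() is called.
$STH->execute();
$STH->setFetchMode(PDO::FETCH_ASSOC);
$result = $STH->fetch();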
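The same placeholder lookup as a self-contained script, added here as an example (it is not the original poster's code). It assumes the pdo_sqlite extension and uses an in-memory SQLite database in place of MySQL; the `findUser()` helper and the sample usernames are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Assumption: in-memory SQLite stands in for the MySQL database; only the DSN differs.
$dbh = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION, // surface SQL errors as exceptions
    PDO::ATTR_EMULATE_PREPARES   => false,                  // request native prepares where the driver has them
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
]);
$dbh->exec('CREATE TABLE tblusers (id INTEGER PRIMARY KEY, username TEXT UNIQUE)');

// Constructed sample usernames, including characters that manual escaping would have to handle.
$samples = ['alice', "O'Brien", 'semi;colon"quote'];
$insert = $dbh->prepare('INSERT INTO tblusers (username) VALUES (:username)');
foreach ($samples as $name) {
    $insert->execute([':username' => $name]);
}

// Hypothetical helper: the SQL text is fixed, and the value travels separately as a bound parameter.
function findUser(PDO $dbh, string $username): ?array
{
    $sth = $dbh->prepare('SELECT * FROM tblusers WHERE username = :username');
    $sth->bindValue(':username', $username, PDO::PARAM_STR);
    $sth->execute();
    $row = $sth->fetch();
    return $row === false ? null : $row;
}

foreach ($samples as $name) {
    $row = findUser($dbh, $name);
    // The stored value must match the input byte for byte, with no escaping applied by the caller.
    if ($row === null || $row['username'] !== $name) {
        throw new RuntimeException("round trip failed for: $name");
    }
    printf("%-18s -> id %d\n", $name, $row['id']);
}

// A near miss matches nothing: the quote in the input is data, not SQL syntax.
var_dump(findUser($dbh, "O'Brie"));
```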