更新时间:2023-02-06 19:07:00
除了Alex Andrei注释仍然有效外,我强烈建议使用准备好的语句,而不是普通的SQL查询. 这是一篇有关如何处理MySQL准备的语句和数组参数(和不进行处理)的相关文章: mysqli bind_param用于字符串数组
Apart from the Alex Andrei comment which is still valid I would strongly suggest to use a prepared statement instead of a plain SQL query. This is a related post about what to do (and not to do) with MySQL prepared statements and array parameters: mysqli bind_param for array of strings
预备语句为您提供了免费"的更可靠和安全的动态参数绑定,这是您想要的,并且还具有更好的性能,特别是对于重复查询,因为预备语句由数据库引擎(预)编译,并且效率更高.执行.
Prepared statements offer "for free" a more reliable and secure dynamic parameter binding which is what you want, and also better performances especially with recurring queries because prepared statements are (pre-)compiled by the database engine and much more efficient to execute.