php里怎么找不到sqlparameter???
搜索了下可以像这样指定MYSQL的参数类型,$query = sprintf("SELECT * FROM Users where UserName='%s' and Password='%s'",
mysql_real_escape_string($Username),
mysql_real_escape_string($Password));
mysql_query($query);
//-----or
$db = new mysqli("localhost", "user", "pass", "database");
$stmt = $mysqli -> prepare("SELECT priv FROM testUsers WHERE username=? AND password=?");
$stmt -> bind_param("ss", $user, $pass);
$stmt -> execute();
看到一老外像这样写,,这个,看起来怪怪的
<?php
$id = mysql_real_escape_string( $_GET['id'] );
$q = "SELECT * FROM `table` WHERE `id` = $id";
?>
表23-1bind_param第一个参数字符描述
字符种类
代表的数据类型
I
integer
D
double
S
string
B
blob
页:
[1]