Parameterized Queries

旧巷少年郎 2021-01-27 06:05

I am currently learning parametrized queries as there are advantages to using them.

Could someone give some pointers by converting this block of code to a parametrized v

2 answers
  • 2021-01-27 06:09

    The general rule is: every variable should be bound, no inline variables at all.

    Technical details: http://php.net/manual/en/pdo.prepare.php

  • 2021-01-27 06:31

    In your case there is no advantage; remember a parameterised query requires 2 calls to the db: one to set up the query template and parse it, the other to populate the query template params, and it is typically used when looping. So in this instance you're better off calling a stored procedure (always the best choice) or using inline SQL and making sure you use http://php.net/manual/en/function.mysql-real-escape-string.php when applicable.

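The code block the question refers to is not on this page, so here is an added example (not from the question or either answer) that illustrates what the first answer means by "every variable should be bound" and how that differs from the inline-SQL approach the second answer mentions. It uses PDO, as the linked pdo.prepare manual page does, with an in-memory SQLite database and a small `users` table constructed here for illustration; the table, rows, and the two lookup functions are assumptions, not anything from the original post.

```php
<?php
// Added example: the same lookup written with inline string concatenation and
// with a PDO prepared statement. In-memory SQLite so it runs offline; the table
// and its rows are constructed for this illustration.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
$pdo->exec("INSERT INTO users (name) VALUES ('alice'), ('O''Brien')");

// Inline SQL: the variable becomes part of the SQL text, so the database
// cannot distinguish data from syntax.
function findUserInline(PDO $pdo, string $name): array
{
    $sql = "SELECT id, name FROM users WHERE name = '" . $name . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Parameterized: the SQL template is prepared once, the value is bound
// separately and is always treated as data, whatever characters it contains.
function findUserBound(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// A perfectly ordinary name containing an apostrophe: legitimate data that
// nevertheless terminates the string literal early in the inline version.
$name = "O'Brien";

try {
    var_dump(findUserInline($pdo, $name));
} catch (PDOException $e) {
    echo "inline query failed: " . $e->getMessage() . PHP_EOL;
}

var_dump(findUserBound($pdo, $name)); // exactly one row, name O'Brien
```

Running this with `php example.php` shows the inline version raising a syntax error on the apostrophe while the bound version returns the matching row. The point for a defender is that binding removes the need to reason about escaping per input: the value never enters the SQL text, so neither a quote nor any other character can change the statement's structure. The same `prepare`/`bindValue`/`execute` sequence applies unchanged when the statement is reused in a loop, which is the case the second answer has in mind.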