问题
$resultSpendStmt = $connection->prepare(...);
$array->bind_param("sdidi", $A, $B, $C, $D, $E);
$array->execute();
$array->store_result();
$array->bind_result($F, $G, $H, $I, $J, $K);
I am still a little unsure what bind_param does. Can someone give me an example as to what is means?
回答1:
When you prepare an SQL statement, you can insert a placeholder (?) where a column value would go, then use bind_param() to safely substitute that placeholder for the real column's value. This prevents any possibility of an SQL injection.
You can read more about bind_param() here.
来源:https://stackoverflow.com/questions/10874644/what-does-bind-param-do