我在google搜索时在一些代码示例中找到了这个:
$sql = 'INSERT INTO users (username,passwordHash) VALUES (?,?)';
这对我来说是新的,但我猜它是一种替代方法,等同于
$sql = "INSERT INTO users (username,passwordHash) VALUES ($username,$passwordHash)";`
要么
$sql = 'INSERT INTO users (username,passwordHash) VALUES (' . $username . ',' . $passwordHash . ')';`
那是对的吗?它是一个真正的PHP语法,还是他只是想简化他的例子?
感谢您的反馈,伙计们
这在
prepared statements中很常见.仅作为占位符,如下面的PHP文档所示:
$stmt = $dbh->prepare("INSERT INTO REGISTRY (name,value) VALUES (?,?)");
$stmt->bindParam(1,$name);
$stmt->bindParam(2,$value);
// insert one row
$name = 'one';
$value = 1;
$stmt->execute();
// insert another row with different values
$name = 'two';
$value = 2;
$stmt->execute();
