所以我正在调查整个PDO的事情,当我遇到这个代码时,我正在阅读这个博客教程,解释是如果我使用PDO进行数据绑定 – 用户将无法添加sql注入.这是如何运作的?
# no placeholders - ripe for sql Injection! $STH = $DBH->("INSERT INTO folks (name,addr,city) values ($name,$addr,$city)"); # unnamed placeholders $STH = $DBH->("INSERT INTO folks (name,city) values (?,?,?); # named placeholders $STH = $DBH->("INSERT INTO folks (name,city) value (:name,:addr,:city)");
这是我从中获得的网站的链接,如果您想阅读它以供参考.
http://net.tutsplus.com/tutorials/php/why-you-should-be-using-phps-pdo-for-database-access/