php代码习惯(一)
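1: 利用sprintf来绑定变量,分离绑定的参数与语句。注意:sprintf 只做字符串格式化,转义后的值仍然被拼接进 SQL 文本,并不是预处理语句意义上的参数绑定;mysql_* 扩展已在 PHP 7.0 中移除,新代码应改用 PDO 或 mysqli 的预处理语句。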
// Build the login lookup: escape each value for use inside a quoted SQL string
// literal, then splice the escaped values into the statement template.
// NOTE(review): sprintf() only formats text; the values still end up inside the
// SQL string, so this is escaping, not prepared-statement parameter binding.
// mysql_real_escape_string()/mysql_query() belong to ext/mysql, which was
// deprecated in PHP 5.5 and removed in PHP 7.0; PDO or mysqli prepared
// statements are the maintained equivalent.
$escapedUser = mysql_real_escape_string($user);
$escapedPassword = mysql_real_escape_string($password);
// NOTE(review): the password is matched inside the WHERE clause; if $password is
// the raw submitted value this implies unhashed storage. Confirm, and prefer
// looking the row up by user and checking it with password_verify().
$query = sprintf("SELECT * FROM users WHERE user='%s' AND password='%s'", $escapedUser, $escapedPassword);
// The return value of mysql_query() is not captured by this snippet.
mysql_query($query);
1: 利用sprintf来绑定变量,分离绑定的参数与语句
// Format the lookup statement from a fixed template plus two escaped values,
// then send it over the default ext/mysql connection.
// NOTE(review): this is string formatting with escaping, not real parameter
// binding: the escaped values are still part of the SQL text. Escaping with
// mysql_real_escape_string() is only reliable when the connection character set
// was set through mysql_set_charset(); verify that against the connection code.
// ext/mysql was removed in PHP 7.0, so new code should use PDO or mysqli
// prepared statements instead.
$query = vsprintf(
    "SELECT * FROM users WHERE user='%s' AND password='%s'",
    // Escapes $user first, then $password, each with the default link.
    array_map('mysql_real_escape_string', array($user, $password))
);
// NOTE(review): the query result is discarded here, and the password comparison
// happens in SQL. Presumably the column holds the same form as $password;
// confirm it is not stored unhashed.
mysql_query($query);