PHPmysqli的 预处理执行插入语句

预编译在mysql端

预编译可以自动防止sql注入攻击

 1 <?php
 2     //预编译技术
 3     //1.创建一个mysqli对象
 4     //2.创建myslqi预编译对象
 5     $mysqli=new mysqli("localhost", "root", "root", "user1", 3306);
 6     $mysqli->set_charset("utf8");
 7 
 8     $sql="insert into user1(name,password,email,age) values(?,?,?,?)";
 9     
10     $mysqli_stmt=$mysqli->prepare($sql) or die($mysqli->error);
11     //绑定参数
12     $name="小李";
13     $password="tsts";
14     $email="sohu@sohu.cn";
15     $age="200";
16     //参数绑定  赋值
17     $mysqli_stmt->bind_param("sssi", $name,$password,$email,$age);
18     //执行
19     $result=$mysqli_stmt->execute();
20     if(!$result){
21         //echo $mysqli->error;
22         die($mysqli_stmt->error);
23         error_log($result);
24     }
25     $name="小王";
26     $password="5678";
27     $email="sohu2@sohu.cn";
28     $age="20";
29     $mysqli_stmt->bind_param("sssi", $name,$password,$email,$age);
30     //执行
31     $result=$mysqli_stmt->execute();
32 
33     $mysqli->close();
34 
35 ?>

 

posted @ 2013-11-17 23:22  闲云-野鹤  阅读(1156)  评论(0编辑  收藏  举报