TA貢獻(xiàn)1804條經(jīng)驗(yàn) 獲得超2個(gè)贊
mysql_real_escape_string()
$type = 'testing';$type = mysql_real_escape_string($type);$reporter = "John O'Hara";$reporter = mysql_real_escape_string($reporter);$query = "INSERT INTO contents (type, reporter, description)
VALUES('$type', '$reporter', 'whatever')";mysql_query($query) or trigger_error(mysql_error()." in ".$query);// note that when running mysql_query you have to always check for errors$limit = intval($_GET['limit']); //casting to int type!$query = "SELECT * FROM table LIMIT $limit";
if ($_GET['sortorder'] == 'name') {
$sortorder = 'name';} else {
$sortorder = 'id';}$query = "SELECT * FROM table ORDER BY $sortorder";使一切簡單化
$type = 'testing';$reporter = "John O'Hara";pquery("INSERT INTO contents (type, reporter, description) VALUES(?s, ?s, ?s)",
$type, $reporter,'whatever');
TA貢獻(xiàn)1865條經(jīng)驗(yàn) 獲得超7個(gè)贊
... VALUES(testing, 'john', 'whatever')
$type = 'testing';mysql_query("INSERT INTO contents (type, reporter, description) VALUES('$type', 'john', 'whatever')");舉報(bào)