Newbie here. I've been researching how SQL Server uses prepared statements to prevent injection, but what they usually protect is the query itself, not things like stored procedures. Does my current code avoid this? I've been trying to understand the PHP manual here: https://www.php.net/manual/en/function.sqlsrv-query.php but I'm not quite sure what this would look like, since I'm using stored procedures. Thanks for taking the time to read this and for the guidance.

```php
<?php
include('config.php');

// Note: this is a sqlsrv connection resource, not a mysqli object, despite the variable name.
$mysqli = sqlsrv_connect($serverName, $conn_array);
if ($mysqli === false) {
    die(print_r(sqlsrv_errors(), true));
}

// For error or success messages place the following functions in your functions.php file and include the file here.
// The following functions are based on bootstrap classes for error and success message. If you are not using bootstrap you can stylize your own.
function alertSuccess($msg) {
    $alert = "<div class='alert alert-success'>" . $msg . "</div>";
    return $alert;
}
function alertError($msg) {
    $alert = "<div class='alert alert-danger'>" . $msg . "</div>";
    return $alert;
}
function alertInfo($msg) {
    $alert = "<div class='alert alert-info'>" . $msg . "</div>";
    return $alert;
}

// Storing Form Inputs (null-coalescing avoids undefined-index notices when a field is missing)
$username  = $_POST['username'] ?? null;
$email     = $_POST['email'] ?? null;
$region    = $_POST['region'] ?? null;
$password  = (!empty($_POST['password'])) ? $_POST['password'] : null;
$password2 = (!empty($_POST['confirmpassword'])) ? $_POST['confirmpassword'] : null;

if (isset($_POST['register'])) {
    // Set "Creating Account" message.
    // Caution: any output before header() prevents the redirect unless output buffering is enabled.
    echo alertInfo("Attempting to initiate Account Creation...");

    // If username is null then rest of the code will not be executed
    if ($username == null) {
        echo alertError("Invalid username!");
        header("Location: failed.php");
        exit();
    }
    // If password is not equal then rest of the code will not be executed
    if ($password != $password2) {
        echo alertError("Password mismatch");
        header("Location: failed.php");
        exit();
    }
    // If username is less than 6 characters long then rest of the code will not be executed
    if (strlen($username) < 6) {
        echo alertError("Username must contain at least 6 characters.");
        header("Location: failed.php");
        exit();
    }
    if ($region > 2) {
        echo alertError("Invalid Region.");
        header("Location: failed.php");
        exit();
    }
    // The stored procedure call that follows was cut off in the original post.
}
```
1 Answer

慕森王
After digging a little: the answer is no, if the stored procedures use dynamic SQL then they are not safe.
By reading the manual a few thousand times, I was able to make use of prepared statements.
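As an added example (not code from the asker or the answerer), this is what the prepared-statement call of a stored procedure looks like with the sqlsrv extension, and where the answer's caveat about dynamic SQL applies. It assumes a hypothetical procedure dbo.CreateAccount(@username, @email, @region, @passwordHash) and the asker's config.php variables.

```php
<?php
// Added example. Assumes config.php defines $serverName and $conn_array, and that
// a stored procedure dbo.CreateAccount(@username, @email, @region, @passwordHash)
// exists (hypothetical name, not from the original post).
include('config.php');

$conn = sqlsrv_connect($serverName, $conn_array);
if ($conn === false) {
    die(print_r(sqlsrv_errors(), true));
}

// Validate first, then bind. Bound parameters travel as typed values and are never
// spliced into the SQL text, so the procedure CALL itself cannot be injected.
$username = $_POST['username'] ?? '';
$email    = $_POST['email'] ?? '';
$region   = (int)($_POST['region'] ?? 0);
$hash     = password_hash($_POST['password'] ?? '', PASSWORD_DEFAULT);

// ODBC call syntax with ? placeholders; sqlsrv_prepare binds parameters by reference,
// each as [&$value, direction, PHP type (null = default), SQL type].
$sql    = "{call dbo.CreateAccount(?, ?, ?, ?)}";
$params = [
    [&$username, SQLSRV_PARAM_IN, null, SQLSRV_SQLTYPE_NVARCHAR(50)],
    [&$email,    SQLSRV_PARAM_IN, null, SQLSRV_SQLTYPE_NVARCHAR(255)],
    [&$region,   SQLSRV_PARAM_IN, null, SQLSRV_SQLTYPE_INT],
    [&$hash,     SQLSRV_PARAM_IN, null, SQLSRV_SQLTYPE_NVARCHAR(255)],
];

$stmt = sqlsrv_prepare($conn, $sql, $params);
if ($stmt === false || sqlsrv_execute($stmt) === false) {
    die(print_r(sqlsrv_errors(), true));
}

// What this does NOT cover (the answer's point): if the procedure body builds its own
// SQL by string concatenation, e.g. EXEC('SELECT ... WHERE name = ''' + @username + ''''),
// the bound value is injected inside the procedure regardless of how it was called.
// Inside the procedure, use static T-SQL or sp_executesql with its own @params list.

sqlsrv_free_stmt($stmt);
sqlsrv_close($conn);
```

Check the procedure body on the database side with the same scrutiny as the PHP: a parameterized call only protects the boundary it sits on.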