预编译在mysql端
预编译可以自动防止sql注入攻击
1 set_charset("utf8"); 7 8 $sql="insert into user1(name,password,email,age) values(?,?,?,?)"; 9 10 $mysqli_stmt=$mysqli->prepare($sql) or die($mysqli->error);11 //绑定参数12 $name="小李";13 $password="tsts";14 $email="sohu@sohu.cn";15 $age="200";16 //参数绑定 赋值17 $mysqli_stmt->bind_param("sssi", $name,$password,$email,$age);18 //执行19 $result=$mysqli_stmt->execute();20 if(!$result){21 //echo $mysqli->error;22 die($mysqli_stmt->error);23 error_log($result);24 }25 $name="小王";26 $password="5678";27 $email="sohu2@sohu.cn";28 $age="20";29 $mysqli_stmt->bind_param("sssi", $name,$password,$email,$age);30 //执行31 $result=$mysqli_stmt->execute();32 33 $mysqli->close();34 35 ?>