php – PDO编写语句,正确使用?

前端之家收集整理的这篇文章主要介绍了php – PDO编写语句,正确使用?前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。
我只需要确保我已正确获得PDO准备语句,sql注入是否可以保护以下代码
$data['username'] = $username;
$data['password'] = $password;
$data['salt'] = $this->generate_salt();
$data['email'] = $email;

$sth = $this->db->prepare("INSERT INTO `user` (username,password,salt,email,created) VALUES (:username,:password,:salt,:email,NOW())");  
$sth->execute($data);
是的,您的代码是安全的.但它可以缩短:
$data = array( $username,$password,$this->generate_salt(),$email );

// If you don't want to do anything with the returned value:
$this->db->prepare("
    INSERT INTO `user` (username,created)
    VALUES (?,?,NOW())
")->execute($data);

猜你在找的PHP相关文章