I just need to make sure I've got PDO prepared statements right: will the following code be protected against SQL injection?
$data['username'] = $username;
$data['password'] = $password;
$data['salt'] = $this->generate_salt();
$data['email'] = $email;

$sth = $this->db->prepare("INSERT INTO `user` (username,password,salt,email,created) VALUES (:username,:password,:salt,:email,NOW())");
$sth->execute($data);
Yes, your code is safe. But it can be shortened:
$data = array(
    $username,
    $password,
    $this->generate_salt(),
    $email
);

// If you don't want to do anything with the returned value:
$this->db->prepare("
    INSERT INTO `user` (username, password, salt, email, created)
    VALUES (?, ?, ?, ?, NOW())
")->execute($data);
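
The behaviour both posts rely on, as an added example that is not part of the original question or answer: a value containing quotes and SQL keywords is bound through the named and the positional placeholder forms and comes back stored verbatim. It assumes an in-memory SQLite database through pdo_sqlite and uses CURRENT_TIMESTAMP in place of NOW(); the helper names and sample values are constructed.

```php
<?php
// Added example (not the poster's code). Assumes the pdo_sqlite extension;
// CURRENT_TIMESTAMP stands in for MySQL's NOW().
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (username TEXT, password TEXT, salt TEXT, email TEXT, created TEXT)');

// Named placeholders, as in the question (hypothetical helper name).
function insert_named(PDO $db, array $data): void
{
    $db->prepare(
        'INSERT INTO user (username, password, salt, email, created)
         VALUES (:username, :password, :salt, :email, CURRENT_TIMESTAMP)'
    )->execute($data);
}

// Positional placeholders, as in the answer (hypothetical helper name).
function insert_positional(PDO $db, array $data): void
{
    $db->prepare(
        'INSERT INTO user (username, password, salt, email, created)
         VALUES (?, ?, ?, ?, CURRENT_TIMESTAMP)'
    )->execute($data);
}

// Constructed input: quotes, a statement separator and a comment marker.
$hostile = "x', 'p', 's', 'e', ''); DROP TABLE user; --";

insert_named($db, [
    'username' => $hostile,
    'password' => 'constructed-hash',
    'salt'     => 'constructed-salt',
    'email'    => 'a@example.test',
]);
insert_positional($db, [$hostile, 'constructed-hash', 'constructed-salt', 'b@example.test']);

// The table still exists and both rows hold the input byte for byte,
// because the value travels separately from the SQL text.
$stored = $db->query('SELECT username FROM user ORDER BY email')->fetchAll(PDO::FETCH_COLUMN);
if ($stored !== [$hostile, $hostile]) {
    throw new RuntimeException('bound value was not stored verbatim');
}
echo count($stored), " rows stored, username kept as data\n";
```

Placeholders bind values only; table and column names cannot be bound and need an allow-list if they ever vary.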