Home >Backend Development >PHP Tutorial >如何在 PHP 5.1.6 使用真正的mysql预处理?
如何在 PHP 5.1.6 使用真正的mysql预处理?
- WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOriginal
- 2016-06-06 20:47:111060browse
测试代码:
<code><?php $pdo = new PDO("mysql:host=example;dbname=test;","test","test");
$pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$st = $pdo->prepare("select * from account where username =? limit ?,?");
$st->execute(array('buding',0,2));
$res = $st->fetchAll();
var_dump($res);
?>
</code>
当在 PHP 5.1.6 测试时,Wireshark检测到发送的语句是:
select * from account where username ='23' limit '2'
当在 PHP 5.3 测试时,Wireshark检测到发送的语句是:
select * from account where username =? limit ?
如何才能在PHP 5.1.6使用真的的mysql预处理呢?这是一个Bug,还是我使用的方式不对?
回复内容:
测试代码:
<code><?php $pdo = new PDO("mysql:host=example;dbname=test;","test","test");
$pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$st = $pdo->prepare("select * from account where username =? limit ?,?");
$st->execute(array('buding',0,2));
$res = $st->fetchAll();
var_dump($res);
?>
</code>
当在 PHP 5.1.6 测试时,Wireshark检测到发送的语句是:
select * from account where username ='23' limit '2'
当在 PHP 5.3 测试时,Wireshark检测到发送的语句是:
select * from account where username =? limit ?
如何才能在PHP 5.1.6使用真的的mysql预处理呢?这是一个Bug,还是我使用的方式不对?
PHP5.3.6以前,参数绑定默认是使用PHP的预处理对参数转义。如果使用PDO,建议升级到5.3.6以后的版本,同时在DSN中指定编码。
Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Previous article:使用七牛的WP插件之后,头像插件无法工作。Next article:两个网站之间,如何通讯比较安全?