a1exlism
7/11/2016 - 9:12 AM

php_parameterized_queries

From: http://www.ahlinux.com/php/12992.html

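<?php
// Two ways of keeping user-supplied values out of the SQL text.
//
// Example_1 (legacy): escape each value, then interpolate it into the query string.
// The ext/mysql functions used originally (mysql_real_escape_string, mysql_query)
// were removed in PHP 7.0, so the mysqli equivalents are used here. Escaping only
// protects a value inside a quoted string literal — the same value placed in a
// numeric position or used as an identifier is still injectable — which is why
// Example_2 is the form to prefer.
$db = new mysqli("localhost", "user", "pass", "database");

$query = sprintf("SELECT * FROM Users where UserName='%s' and Password='%s'",
                  $db->real_escape_string($Username),
                  $db->real_escape_string($Password));
$db->query($query);

// Example_2 (preferred): prepared statement with bound parameters. The SQL text is
// sent to the server first; the two values travel separately and are never parsed
// as SQL, so no escaping is needed.
// The original called prepare() on `$mysqli`, but the connection is stored in `$db`;
// `$mysqli` was never defined.
$stmt = $db->prepare("SELECT priv FROM testUsers WHERE username=? AND password=?");
if ($stmt === false) {
    // prepare() returns false on a SQL/connection error; calling bind_param()
    // on false would be a fatal error with no explanation.
    throw new RuntimeException('prepare failed: ' . $db->error);
}
$stmt->bind_param("ss", $user, $pass);
$stmt->execute();

// NOTE(review): both queries compare the password column directly, which only
// works if passwords are stored in plaintext. Store password_hash() output and
// check the submitted password with password_verify() after fetching the row.
?>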