Well, I've bee开发者_Python百科n reading 2 hours about mysql_real_escape() and addslashes() and stuff, but my question is: how can I do this to work with PDO and be completely safe?
You can do this using prepared statements. Example:
// $pdo = new PDO(...);
$query = $pdo->prepare('SELECT * FROM table WHERE name = ?');
$query->execute(array($_GET['name'])); // Replaces ? with the
// value in $_GET['name']
You don't have to worry about manually escaping any user inputed data, such as $_GET['name'] in the example above.
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论