I just want to know if these 2 sets of code are doing the same thing or not, if not what's the difference?
$connect= new CONNECT();
$sql = ("query here");
$stmt = $connect->runQuery($sql);
$stmt->bindParam(':sample', $_POST['sample'], PDO::PARAM_STR);
$stmt->bindParam(':sample2', $_POST['sample2'], PDO::PARAM_STR);
$stmt->bindParam(':sample3', $_POST['sample3'], PDO::PARAM_STR);
$stmt->execute();
=======================AND========================
$connect= new CONNECT();
$sql = ("query here");
$stmt = $connect->runQuery($sql);
$stmt->execute(Array(
    ':sample1' => $_POST['sample'],
    ':sample2' => $_POST['sample2'],
    ':sample3' => $_POST['sample3']
));
FYI, both work perfectly, just wanting to know if I'm getting the full security benefit using either one. Thanks.
1 solution
#1
5
By passing the parameters along with the $stmt->execute() method, all values in the array will be passed as PDO::PARAM_STR to the statement with the $stmt->bindParam() function.
And with the $stmt->bindParam() function, you can define the data type passed along, using the PDO::PARAM_* constants.
Read more about PDO::PARAM_
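The two forms compared side by side, as an added example that is not part of the original question or answer: it prints how many rows a quote-laden input matches under each form, the type each form binds, and which value bindParam() sends when the variable changes before execute(). Assumptions: plain PDO on an in-memory SQLite database (pdo_sqlite enabled) stands in for the asker's CONNECT wrapper, and the table, function names and input string are constructed for illustration.

```php
<?php
// Added example: plain PDO on in-memory SQLite stands in for the page's CONNECT wrapper.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)");
$pdo->exec("INSERT INTO users (name) VALUES ('alice'), ('bob')");

// Constructed input containing SQL metacharacters, standing in for $_POST['sample'].
$input = "alice' OR '1'='1";

// Form 1: bindParam() with an explicit PDO::PARAM_* type.
function countWithBindParam(PDO $pdo, string $name): int {
    $stmt = $pdo->prepare('SELECT COUNT(*) FROM users WHERE name = :name');
    $stmt->bindParam(':name', $name, PDO::PARAM_STR);
    $stmt->execute();
    return (int) $stmt->fetchColumn();
}

// Form 2: array passed to execute(); every value is bound as PDO::PARAM_STR.
function countWithExecuteArray(PDO $pdo, string $name): int {
    $stmt = $pdo->prepare('SELECT COUNT(*) FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return (int) $stmt->fetchColumn();
}

// Both forms send the input as a bound value, separate from the SQL text.
printf("bindParam matches: %d\n", countWithBindParam($pdo, $input));
printf("execute([]) matches: %d\n", countWithExecuteArray($pdo, $input));

// Difference 1: the bound type. SQLite's typeof() reports what arrived.
$number = 42;
$typed = $pdo->prepare('SELECT typeof(:v)');
$typed->bindParam(':v', $number, PDO::PARAM_INT);
$typed->execute();
printf("PARAM_INT arrives as: %s\n", $typed->fetchColumn());

$untyped = $pdo->prepare('SELECT typeof(:v)');
$untyped->execute([':v' => $number]);
printf("execute([]) arrives as: %s\n", $untyped->fetchColumn());

// Difference 2: bindParam() binds the variable by reference and reads it
// only when execute() runs, so a later assignment is what gets sent.
$late = $pdo->prepare('SELECT :v');
$value = 'before';
$late->bindParam(':v', $value, PDO::PARAM_STR);
$value = 'after';
$late->execute();
printf("bindParam sent: %s\n", $late->fetchColumn());
```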