pdo防注入原理

prepare('select * from nav where alias =\'manage\'');

// 方式二
/*
$st = $pdo->prepare('select * from nav where alias = ?');
$alias = 'manage';
$st->bindParam(1,$alias);
*/

// 方式三
$pdo->query('SET NAMES gbk'); 
$pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES,false);
$st = $pdo->prepare('select * from nav where alias = ?');
$alias = 'manage';
$st->bindParam(1,$alias);

$st->execute();
print_r($st->fetchAll());


你可能感兴趣的:(pdo防注入原理)