我只需要确保我已正确获得PDO准备语句,sql注入是否可以保护以下代码?
$data['username'] = $username;
$data['password'] = $password;
$data['salt'] = $this->generate_salt();
$data['email'] = $email;
$sth = $this->db->prepare("INSERT INTO `user` (username,password,salt,email,created) VALUES (:username,:password,:salt,:email,NOW())");
$sth->execute($data);
是的,您的代码是安全的.但它可以缩短:
原文链接:https://www.f2er.com/php/240262.html$data = array( $username,$password,$this->generate_salt(),$email );
// If you don't want to do anything with the returned value:
$this->db->prepare("
INSERT INTO `user` (username,created)
VALUES (?,?,NOW())
")->execute($data);
