我现在用的波纹管查询,更新,但现在我想将其更改为PDO和它未能奏效 请任何帮助将不胜感激如何将更新查询从mysql更改为pdo?
function updateonlinesession(){
if(isset($_SESSION['username']['id'])){
$uid = $_SESSION['username']['id'];
$page = $_SERVER['REQUEST_URI'];
$ip = $_SERVER['REMOTE_ADDR'];
$username = $_SESSION['logged'];
mysql_query("UPDATE site_user SET dateupdated = now(),ip = '$ip' WHERE
username = '".mysql_real_escape_string($_SESSION['username'])."'");
}
}
这是我试图与PDO
function updateonlinesession(){
if(isset($_SESSION['username']['id'])){
$uid = $_SESSION['username']['id'];
$page = $_SERVER['REQUEST_URI'];
$ip = $_SERVER['REMOTE_ADDR'];
$username = $_SESSION['logged'];
$update = ("UPDATE site_user SET dateupdated = now(),ip = '$ip' WHERE
username = '".($_SESSION['username'])."'");
$sth_update= $con->prepare($update);
$sth_update->execute();
}
}
?>
发表你试过的东西... – Eggplant 2013-02-26 15:42:35
有一个gander:http://wiki.hashphp.org/PDO_Tutorial_for_MySQL_Developers – Nick 2013-02-26 15:43:16
这个线程谈论'sql注入',但它显示了使用准备语句的方法,其中一个是PDO,[如何防止SQL注入在PHP?](http://stackoverflow.com/questions/60174/how-to-prevent-sql-injection-in-php) – 2013-02-26 15:43:42