php里怎么找不到sqlparameter???

搜索了下可以像这样指定MYSQL的参数类型,

$query = sprintf("SELECT * FROM Users where UserName='%s' and Password='%s'", 
                  mysql_real_escape_string($Username), 
                  mysql_real_escape_string($Password)); 
mysql_query($query); 

//-----or 

$db = new mysqli("localhost", "user", "pass", "database"); 
$stmt = $mysqli -> prepare("SELECT priv FROM testUsers WHERE username=? AND password=?"); 
$stmt -> bind_param("ss", $user, $pass); 
$stmt -> execute();

看到一老外像这样写,,这个,看起来怪怪的

<?php
$id = mysql_real_escape_string( $_GET['id'] );
$q = "SELECT * FROM `table` WHERE `id` = $id";
?>

 

表23-1  bind_param第一个参数字符描述
字符种类
代表的数据类型
I
integer
D
double
S
string
B
blob
posted @ 2010-05-30 02:00  大力  阅读(684)  评论(1)    收藏  举报