帮助准备好的陈述

发布于 2024-10-11 00:51:25 字数 575 浏览 1 评论 0原文

大家好，我最近听说准备好的语句是保护我的网站免受 mysql 注入等攻击的最佳方法。所以我有一个问题，我似乎无法理解为什么这不起作用：

$mysqli=new mysqli("localhost", "***", "***","***") or die(mysql_error());


              function checklogin($username, $password){


                $result = $mysqli->prepare("SELECT * FROM users WHERE username = ?");
                $result->bind_param("s", $username);
                $result->execute();

我收到以下错误：注意：未定义的变量：mysqli in /var/www/JMToday/loginchk.php on line 45 Fatal error: Call to /var/www/JMToday/loginchk.php 第 45 行中非对象上的成员函数prepare()

原文

Hey guys, I have recently heard that prepared statements are the best way to secure my website from mysql injections and what not. So I have a question, I can't seem to understand why this does not work:

$mysqli=new mysqli("localhost", "***", "***","***") or die(mysql_error());


              function checklogin($username, $password){


                $result = $mysqli->prepare("SELECT * FROM users WHERE username = ?");
                $result->bind_param("s", $username);
                $result->execute();

I get the following error: Notice: Undefined variable: mysqli in /var/www/JMToday/loginchk.php on line 45 Fatal error: Call to a member function prepare() on a non-object in /var/www/JMToday/loginchk.php on line 45

分享到QQ

分享到微博