缩短查询的功能不起作用

发布于 2024-11-09 04:02:55 字数 496 浏览 0 评论 0 原文

这是我的代码：

function query($query, $variables = NULL) {
    $execute = sprintf($query, $variables);
    $execute = mysql_query($execute);

    return $execute;
}

$insert = query("INSERT INTO accounts (username, email, password, validation_code, registration_timestamp, registration_ip) VALUES ('%s', '%s', '%s', '%s', '%s', '%s')", "$username, $email, $passwordEncrypted, $validationCode, $timestamp, $ip");

如果只有一个变量，它就会起作用。但之后就不会了。有关如何修复和修复的任何建议改进这个功能？谢谢你们！

原文

Here is my code:

function query($query, $variables = NULL) {
    $execute = sprintf($query, $variables);
    $execute = mysql_query($execute);

    return $execute;
}

$insert = query("INSERT INTO accounts (username, email, password, validation_code, registration_timestamp, registration_ip) VALUES ('%s', '%s', '%s', '%s', '%s', '%s')", "$username, $email, $passwordEncrypted, $validationCode, $timestamp, $ip");

If there is only one variable, it will work. But with any after that it wont. Any suggestions on how to fix & improve this function? Thanks guys!

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

一直在等你来 2024-11-16 04:02:55

将其重写为：

function query($query, $variables = array()) {
    $execute = vprintf($query, $variables);
    $execute = mysql_query($execute);

    return $execute;
}

$insert = query("INSERT INTO accounts (username, email, password, validation_code, registration_timestamp, registration_ip) VALUES ('%s', '%s', '%s', '%s', '%s', '%s')", array($username, $email, $passwordEncrypted, $validationCode, $timestamp, $ip));

顺便说一句，我完全同意@Alex，您需要改为使用 mysqli/PDO 准备好的语句。

PS：不要忘记对每个变量应用mysql_real_escape_string。

rewrite it to:

function query($query, $variables = array()) {
    $execute = vprintf($query, $variables);
    $execute = mysql_query($execute);

    return $execute;
}

$insert = query("INSERT INTO accounts (username, email, password, validation_code, registration_timestamp, registration_ip) VALUES ('%s', '%s', '%s', '%s', '%s', '%s')", array($username, $email, $passwordEncrypted, $validationCode, $timestamp, $ip));

Btw, I absolutely agree with @Alex and you need to move to mysqli/PDO prepared statements instead.

PS: don't forget to apply mysql_real_escape_string to each variable.

回复收藏 0 原文

情深已缘浅 2024-11-16 04:02:55

当您应该直接将数组传递给函数时，请勿传递字符串。

但是，当存在更好的替代方案（例如 PDO）时，您不应该为 mysql_query() 制作包装器。

回复收藏 0 原文

无敌元气妹 2024-11-16 04:02:55

尝试这样的事情：

function query()
{
    $query = call_user_func_array('sprintf',func_get_args());
    return mysql_query($query);
}

然后像这样使用：

$insert = query(
    "INSERT INTO accounts (username, email, password, validation_code, registration_timestamp, registration_ip) VALUES ('%s', '%s', '%s', '%s', '%s', '%s')",
    $username,
    $email,
    $passwordEncrypted,
    $validationCode,
    $timestamp,
    $ip
);

try something like this:

function query()
{
    $query = call_user_func_array('sprintf',func_get_args());
    return mysql_query($query);
}

and then use like so:

$insert = query(
    "INSERT INTO accounts (username, email, password, validation_code, registration_timestamp, registration_ip) VALUES ('%s', '%s', '%s', '%s', '%s', '%s')",
    $username,
    $email,
    $passwordEncrypted,
    $validationCode,
    $timestamp,
    $ip
);

回复收藏 0 原文

~没有更多了~