1: 利用sprintf来绑定变量,分离绑定的参数与语句
$query = sprintf("SELECT * FROM users WHERE user='%s' AND password='%s'",
mysql_real_escape_string($user),
mysql_real_escape_string($password));
mysql_query($query);
1: 利用sprintf来绑定变量,分离绑定的参数与语句
$query = sprintf("SELECT * FROM users WHERE user='%s' AND password='%s'",
mysql_real_escape_string($user),
mysql_real_escape_string($password));
mysql_query($query);