预处理 (参数绑定) OOP
类型字符：i - 整数 / d - 双精度浮点数 / s - 字符串 / b - 布尔值（作用：为每个绑定参数指定数据类型；参数值与 SQL 模板分开传给服务器，不会被当作 SQL 解析，从而防止 SQL 注入）
设置SQL语句模板
生成预处理语句对象 $mysqli->prepare
绑定参数 $stmt->bind_param
执行预处理语句 $stmt->execute();
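// Prepared INSERT, mysqli object style. The SQL template is sent to the server
// on its own and the values follow separately, so a value can never be parsed
// as part of the statement. Assumes $mysqli is an open mysqli connection
// created elsewhere in the page.
$stmt = $mysqli->prepare('INSERT INTO CountryLanguage VALUES (?,?,?,?)');
if ($stmt === false) {
    // prepare() returns false on a syntax error or an unknown table; continuing
    // with false would only fail later with a confusing error on bind_param().
    throw new RuntimeException('prepare failed: ' . $mysqli->error);
}

// Values are assigned before binding purely for readability: bind_param()
// binds by reference, so the values read at execute() time are what count.
$code = 'DEU';
$language = 'Bavarian';
$official = 'F';
$percent = 11.2;

// Type string: one character per '?' in order — 's' = string, 'd' = double.
// (The other specifiers are 'i' = integer and 'b' = blob.)
if (!$stmt->bind_param('sssd', $code, $language, $official, $percent)) {
    throw new RuntimeException('bind_param failed: ' . $stmt->error);
}

if (!$stmt->execute()) {
    throw new RuntimeException('execute failed: ' . $stmt->error);
}
// Release the server-side statement handle once the row has been inserted.
$stmt->close();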
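// The same prepared INSERT in mysqli procedural style. Assumes $link is an open
// mysqli connection established elsewhere in the page.
$stmt = mysqli_prepare($link, 'INSERT INTO CountryLanguage VALUES(?,?,?,?)');
if ($stmt === false) {
    // mysqli_prepare() returns false on failure; stop here rather than passing
    // false on to the bind/execute calls.
    throw new RuntimeException('mysqli_prepare failed: ' . mysqli_error($link));
}

// Assigned before binding for readability; the bind is by reference, so the
// values present at mysqli_stmt_execute() time are the ones sent.
$code = 'DEU';
$language = 'Bavarian';
$official = 'F';
$percent = 11.2;

// 'sssd': three string placeholders followed by one double, in '?' order.
if (!mysqli_stmt_bind_param($stmt, 'sssd', $code, $language, $official, $percent)) {
    throw new RuntimeException('mysqli_stmt_bind_param failed: ' . mysqli_stmt_error($stmt));
}

if (!mysqli_stmt_execute($stmt)) {
    throw new RuntimeException('mysqli_stmt_execute failed: ' . mysqli_stmt_error($stmt));
}
// Free the statement handle on the server.
mysqli_stmt_close($stmt);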
Example 执行一条使用命名占位符的预处理语句
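<?php
// Prepared SELECT with named placeholders (PDO). Assumes $dbh is an open PDO
// connection created elsewhere in the page.
$calories = 150;
$colour = 'red';

// A named placeholder is written with no whitespace after the colon:
// ':colour', not ': colour'. With the space the driver does not see a
// placeholder at all, so the later bindParam(':colour') has nothing to bind to.
$sth = $dbh->prepare('SELECT name,colour,calories FROM fruit WHERE calories < :calories AND colour = :colour');
if ($sth === false) {
    // Only reached when the connection is not in PDO::ERRMODE_EXCEPTION mode;
    // in that mode prepare() throws instead of returning false.
    throw new RuntimeException('prepare failed: ' . implode(' ', $dbh->errorInfo()));
}

// bindParam() binds by reference and ships each value with its declared type
// instead of splicing it into the SQL text, so neither variable can change
// the shape of the query.
$sth->bindParam(':calories', $calories, PDO::PARAM_INT);
// Fourth argument is the maximum length for the bound string (mainly relevant
// for output parameters; kept as in the original example).
$sth->bindParam(':colour', $colour, PDO::PARAM_STR, 12);

if (!$sth->execute()) {
    throw new RuntimeException('execute failed: ' . implode(' ', $sth->errorInfo()));
}
?>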