因此,我已经完成了一个问答网站的构建,现在正试图防御SQL注入,但是CURRENT_DATE有问题。我想将当前的日期与问题插入到数据库中,但是绑定标记是什么? “s”字符串不工作?使用mysqli预处理语句时,CURRENT_DATE的查询绑定标记是什么?
<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "questions87";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
session_start();
$question = $_POST["question"];
$uname = $_SESSION['username'];
$qa_email =$_SESSION['email'];
// prepare and bind
$stmt = $conn->prepare("INSERT INTO login (username, username, q_date, qa_email) VALUES (?, ?, ?, ?)");
$stmt->bind_param("ssss", $question, $uname, CURRENT_DATE, $qa_email);
$stmt->execute();
if ($stmt) {echo "Thank you ". $uname . " Your question has been submitted " . "<br>";}
else {echo "Error: " . $sql . "<br>" . mysqli_error($conn);}
$stmt->close();
$conn->close();
?>
只是为了解释.. PHP知道你传递了一个从未定义的常量。如果你想使用像'$ someDate = date('Y-m-d H:i:s',time())'这样的php函数插入一个日期(时间),''你确实需要使用's'。 – Yolo