0
實例存儲過程內部的做工不錯:mysql替代字符串文字?提供文本預處理語句的
SET @first_condition = input_parameter_1;
SET @second_condition = input_parameter_2;
SET @vs_query = "
SELECT my_column FROM my_table WHERE one_column = ? AND other_column = ? LIMIT 1;
";
PREPARE stmt FROM @vs_query;
EXECUTE stmt USING @first_condition, @second_condition;
DEALLOCATE PREPARE stmt;
問題:
是否有mysql的另一種選擇使用一些更具描述像:my_var而不是「?」 simbol,或者類似於PDO中使用的類似東西?
我尋找熱塑成型了一些這樣的:
SELECT my_column FROM my_table
WHERE one_column = :first_condition AND other_column = :second_condition LIMIT 1;
代替:
SELECT my_column FROM my_table
WHERE one_column = ? AND other_column = ? LIMIT 1;
關於concatenation ..這我知道,但然後有注射風險? – MTK