MySQL Improved Extension (Mysqli)
array(2) {
["id"]=>
int(3)
["label"]=>
string(1) "c"
}
array(2) {
["id"]=>
int(2)
["label"]=>
string(1) "b"
}
array(2) {
["id"]=>
int(1)
["label"]=>
string(1) "a"
}
Escaping and SQL injection
Bound variables will be escaped automatically by the server. The server inserts their escaped
values at the appropriate places into the statement template before execution. A hint must be
provided to the server for the type of bound variable, to create an appropriate conversion. See the
mysqli_stmt_bind_param function for more information.
The automatic escaping of values within the server is sometimes considered a security feature to
prevent SQL injection. The same degree of security can be achieved with non-prepared statements, if
input values are escaped correctly.
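As an added example (not taken from the manual), the script below runs the same lookup once through a prepared statement with typed bound parameters and once through a non-prepared statement with manual escaping. The connection parameters, the example_db schema, the test(id, label) table layout and both function names are assumptions made for the illustration.

```php
<?php
// Added example. Host, credentials, schema name and table layout are assumptions.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$db = new mysqli("localhost", "example_user", "example_password", "example_db");
$db->set_charset("utf8"); // escaping depends on the connection character set

$db->query("DROP TABLE IF EXISTS test");
$db->query("CREATE TABLE test(id INT, label CHAR(1))");
$db->query("INSERT INTO test(id, label) VALUES (1, 'a'), (2, 'b'), (3, 'c')");

// Prepared statement: values are bound to the template with a type hint each.
function count_prepared(mysqli $db, $id, $label)
{
    $stmt = $db->prepare("SELECT COUNT(*) FROM test WHERE id = ? AND label = ?");
    $stmt->bind_param("is", $id, $label); // i = integer, s = string
    $stmt->execute();
    $stmt->bind_result($n);
    $stmt->fetch();
    $stmt->close();
    return (int) $n;
}

// Non-prepared statement: the caller must make every value safe itself.
function count_escaped(mysqli $db, $id, $label)
{
    // real_escape_string() only protects a value that is placed inside quotes,
    // so the numeric value is cast to int instead of being escaped.
    $sql = sprintf(
        "SELECT COUNT(*) FROM test WHERE id = %d AND label = '%s'",
        (int) $id,
        $db->real_escape_string($label)
    );
    $row = $db->query($sql)->fetch_row();
    return (int) $row[0];
}

// Constructed inputs: one ordinary pair and one containing SQL metacharacters.
$inputs = array(array("1", "a"), array("1", "a' OR '1'='1"));
foreach ($inputs as $in) {
    printf("%-16s prepared=%d escaped=%d\n", $in[1],
        count_prepared($db, $in[0], $in[1]), count_escaped($db, $in[0], $in[1]));
}
```

Both functions should report the same count for every input; a difference between them points to a value that was interpolated without the quoting or cast its position in the statement requires.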
Client-side prepared statement emulation
The API does not include client-side prepared statement emulation.
Quick prepared - non-prepared statement comparison
The table below compares server-side prepared and non-prepared statements.
Table 20.37. Comparison of prepared and non-prepared statements
| | Prepared Statement | Non-prepared statement |
|---|---|---|
| Client-server round trips, SELECT, single execution | 2 | 1 |
| Statement string transferred from client to server | 1 | 1 |
| Client-server round trips, SELECT, repeated (n) execution | 1 + n | n |
| Statement string transferred from client to server | 1 template, n times bound parameter, if any | n times together with parameter, if any |
| Input parameter binding API | Yes, automatic input escaping | No, manual input escaping |
| Output variable binding API | Yes | No |
| Supports use of mysqli_result API | Yes, use mysqli_stmt_get_result | Yes |
| Buffered result sets | Yes, use mysqli_stmt_get_result or binding with mysqli_stmt_store_result | Yes, default of mysqli_query |