對於此查詢,是否需要使用mysql_real_escape_string
?使用預準備語句時,mysql_real_escape_string()是否必要?
任何改進或查詢都很好嗎?
$consulta = $_REQUEST["term"]."%";
($sql = $db->prepare('select location from location_job where location like ?'));
$sql->bind_param('s', $consulta);
$sql->execute();
$sql->bind_result($location);
$data = array();
while ($sql->fetch()) {
$data[] = array('label' => $location);
}
的查詢速度在這種情況下非常重要。
[PHP MySQLi準備的查詢綁定參數是否安全?](http://stackoverflow.com/questions/1561586/are-php-mysqli-prepared-queries-with-bound-parameters-secure) – outis 2012-07-19 10:04:46