mysql参数化,MySQL远程访问

1 . 解决MySQL不允许从远程访问的方法

grant all on yourdb.* to yourUsername@yourHost identified by "yourPassword";
flush privileges;

2.mysql参数化查询

2.1命令行SQL code:

set @n = 156027;
select * from tab_name where id=@n;

如果是在存储过程里了,也可以这样
SQL code:
declare n int;
set n = 156027;
select * from tab_name where id=n;

2.2通过select ... into... 赋值:

select username form users where id=1 into @result;
select @result;

2.3php参数化查询mysql:

  1. $query = sprintf("SELECT * FROM Users where UserName='%s' and Password='%s'",

  2. mysql_real_escape_string($Username),

  3. mysql_real_escape_string($Password));……

此时如果提交username=user, password=test'or'1'='1,如果不用参数化查询会变成:
SELECT * FROM users where username='test' and password='test'or'1'='1'

如果使用参数化查询,则查询语句会变成:
亚博登录不上亚博娱乐是正规的吗亚博国际手机客户端SELECT * FROM users where username='test' and password='test'or'1'='1' //使用' 来转义了', 从而保证了安全提交.