我如何将其变成准备好的声明?

How would I turn this into a prepared statement?

我是准备好的语句的新手,所以如果这是一个基本问题,我提前道歉,但我如何将以下代码转换为准备好的语句并稍后执行?

<?php

$myQuery = "SELECT * FROM test WHERE ID=" . $_GET['ID'];

//run query
$result = $con->query($myQuery);
if (!$result) die('Query error: ' . mysqli_error($con));
?>

查看 http://www.w3schools.com/php/php_mysql_prepared_statements.asp, http://php.net/manual/en/mysqli.quickstart.prepared-statements.php (mysqli lib), or http://php.net/manual/en/pdo.prepared-statements.php(PDO 库)。

例如:

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);

// Prepare statement
$stmt = $conn->prepare("SELECT * FROM test WHERE ID=?");

// set parameters 
$stmt->bind_param("i", $_GET['ID']);

// execute
$stmt->execute();

// close resources
$stmt->close();
$conn->close();

要拨打电话,您可以使用类似的东西;

$sCompanyCode = 'fkjahj12321';
$con = new PDO("connection string");

$sql = "SELECT CompanyID From Companies WHERE CompanyCode = :CompanyCode";
$st = $con->query( $sql );
$st->bindValue(":CompanyCode", $sCompanyCode, PDO::PARAM_STR);
$st->execute();

检索第一个或单个结果;

if($row = $st->fetch()){ 
    return (int)$row[0]; 
}

对于多个结果;

$aResults = array();
while ($row = $st->fetch()){
    $aResults[] = $row;
}