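ปลอดภัย คือกันการเจาะข้อมูล (SQL injection) ด้วยการ bind ค่าพารามิเตอร์แทนการต่อสตริง SQL ทั้งนี้การ bind ค่ากันได้เฉพาะ SQL injection เท่านั้น ยังต้องตรวจสอบเองว่า CharID ที่ส่งมาเป็นของ CustomerID ที่ล็อกอินอยู่จริง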
แบบที่ 1
UPDATE หรือ INSERT ข้อมูลเข้า sql server แบบตรงๆ เลย
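/**
 * Rename a character that belongs to the current account.
 *
 * All three values are sent to the server as bound parameters, so the new
 * name is never concatenated into the statement text.
 *
 * @param string $newname New gamertag for the character.
 * @param int    $CharID  Identifier of the character to rename.
 * @return bool True when a row was updated; false when the statement failed
 *              or no row matched both CharID and the caller's CustomerID.
 */
function rename($newname, $CharID) {
    // The original bound :CustomerID but the statement had no such placeholder;
    // PDO rejects a bound name the statement does not contain (SQLSTATE HY093),
    // so the rename could not run. Putting the placeholder in the WHERE clause
    // fixes that and restricts the update to characters owned by the caller,
    // so a CharID belonging to another account matches no row.
    // NOTE(review): assumes UsersChars has a CustomerID owner column; confirm against the schema.
    $query = $this->pdo->prepare(
        "UPDATE UsersChars SET Gamertag=:Gamertag WHERE CharID=:CharID AND CustomerID=:CustomerID"
    );
    $query->bindValue(":CustomerID", $this->CustomerID);
    $query->bindValue(":Gamertag", $newname);
    $query->bindValue(":CharID", $CharID);

    // execute() returns false under PDO's silent error mode; zero affected rows
    // means the character does not exist or is not owned by this account.
    return $query->execute() && $query->rowCount() > 0;
}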
ยิงข้อมูลเข้า Function (Stored Procedure) ของ sql server / Navicat
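/**
 * Rename a character by calling the [dbo].[Test_CharRename] stored procedure.
 *
 * The three arguments are passed as bound input parameters in the order the
 * procedure declares them (CustomerID, CharID, Gamertag); none of them is
 * concatenated into the call text.
 *
 * @param string $newname New gamertag for the character.
 * @param int    $CharID  Identifier of the character to rename.
 * @return bool True when the procedure returned ResultCode 0; false on a
 *              connection error, a query error, or any other result.
 */
function rename($newname, $CharID) {
    // NOTE(review): $serverName, $dbName, $userName and $userPassword are not
    // defined inside this function in the code shown. They must come from
    // somewhere in scope (ideally configuration kept out of the web root and
    // out of version control); confirm against the full file.
    $connectionInfo = array(
        "Database" => $dbName,
        "UID" => $userName,
        "PWD" => $userPassword,
        "MultipleActiveResultSets" => true,
        "CharacterSet" => "UTF-8",
    );
    $conn = sqlsrv_connect($serverName, $connectionInfo);
    if ($conn === false) {
        // Keep driver details in the server log; do not echo them to the client.
        error_log("Test_CharRename: connection failed: " . print_r(sqlsrv_errors(), true));
        return false;
    }

    $sql = "{call [dbo].[Test_CharRename](?, ?, ?)}";
    $in_CharID = $CharID;
    $in_CustomerID = $this->CustomerID;
    $in_Gamertag = "$newname";
    $params = array(
        array($in_CustomerID, SQLSRV_PARAM_IN),
        array($in_CharID, SQLSRV_PARAM_IN),
        array($in_Gamertag, SQLSRV_PARAM_IN),
    );

    // NOTE(review): the procedure's own comment says its checks are done in
    // Test_CharRenameCheck, which this function does not call. Confirm the
    // caller runs that check (including ownership of $CharID) before this.

    // The original built $sql and $params but never sent the call.
    $stmt = sqlsrv_query($conn, $sql, $params);
    if ($stmt === false) {
        error_log("Test_CharRename: call failed: " . print_r(sqlsrv_errors(), true));
        sqlsrv_close($conn);
        return false;
    }

    // The procedure ends with "select ... as ResultCode"; read that single row.
    $row = sqlsrv_fetch_array($stmt, SQLSRV_FETCH_ASSOC);

    // Release the statement and the connection opened above.
    sqlsrv_free_stmt($stmt);
    sqlsrv_close($conn);

    return is_array($row) && isset($row["ResultCode"]) && (int)$row["ResultCode"] === 0;
}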
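ALTER PROCEDURE [dbo].[Test_CharRename]
    @in_CustomerID int,
    @in_CharID int,
    @in_Gamertag nvarchar(64)
AS
BEGIN
    SET NOCOUNT ON;
    -- Any run-time error rolls back the whole transaction, so the rename and
    -- its audit row are never committed separately.
    SET XACT_ABORT ON;

    --
    -- Renames one character and records the change in DBG_CharRenames.
    -- Returns one row: ResultCode = 0 when the rename was applied.
    --
    -- note: the name/eligibility checks are performed in Test_CharRenameCheck
    -- (not shown here). Ownership is still enforced below, so calling this
    -- procedure directly cannot rename another account's character.
    --

    -- Non-zero means "nothing renamed". The value 1 is a constructed
    -- placeholder; use the code the caller already treats as a rejected rename.
    DECLARE @ResultCode int = 1;
    DECLARE @OldGamertag nvarchar(64);
    DECLARE @renamed TABLE (OldGamertag nvarchar(64));

    BEGIN TRANSACTION;

    -- rename; OUTPUT captures the previous name in the same statement, so a
    -- concurrent rename cannot slip in between reading and writing it.
    -- NOTE(review): assumes UsersChars has a CustomerID owner column; confirm against the schema.
    UPDATE UsersChars
    SET Gamertag = @in_Gamertag,
        CharRenameTime = GETDATE()
    OUTPUT deleted.Gamertag INTO @renamed (OldGamertag)
    WHERE CharID = @in_CharID
      AND CustomerID = @in_CustomerID;

    IF EXISTS (SELECT 1 FROM @renamed)
    BEGIN
        SELECT @OldGamertag = OldGamertag FROM @renamed;

        -- and log (only when a row was actually renamed)
        -- NOTE(review): no column list, so this depends on the column order of
        -- DBG_CharRenames; name the columns once the table definition is at hand.
        INSERT INTO DBG_CharRenames
        VALUES (GETDATE(), @in_CustomerID, @in_CharID, @OldGamertag, @in_Gamertag);

        SET @ResultCode = 0;
    END

    COMMIT TRANSACTION;

    SELECT @ResultCode AS ResultCode;
END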