The modified code is as follows:

```php
<?php
// Read the form fields; "?? ''" avoids an undefined-index warning when a field is missing.
$title     = $_POST['title'] ?? '';
$content   = $_POST['content'] ?? '';
$describes = $_POST['describes'] ?? '';
// $ip was never assigned in the original listing; the client address is assumed to be the intent.
$ip        = $_SERVER['REMOTE_ADDR'] ?? '';
$time      = time();

$con = mysqli_connect("localhost", "efchp", "123456", "wenzhang");
if (!$con) {
    // $con is false at this point, so mysqli_error($con) cannot be used here.
    die('Could not connect: ' . mysqli_connect_error());
}

mysqli_set_charset($con, "utf8mb4");

// Prepared statement: the SQL text only contains "?" placeholders and the values are sent
// separately, so user input is never spliced into the query string.
$sql = "INSERT INTO `efchp_blog_essay` (`id`, `title`, `new_title`, `content`, `new_content`, `describes`, `new_describes`, `ip`, `new_ip`, `time`, `new_time`, `remarks`) VALUES (NULL, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, '')";
$stmt = mysqli_prepare($con, $sql);
if (!$stmt) {
    die('Prepare failed: ' . mysqli_error($con));
}

// Type string: one character per "?" in order. The eight text values are "s";
// both copies of $time come from time() and are integers, hence "i".
mysqli_stmt_bind_param($stmt, "ssssssssii", $title, $title, $content, $content, $describes, $describes, $ip, $ip, $time, $time);
$result = mysqli_stmt_execute($stmt);

if ($result) {
    echo 'Insert succeeded! <a href="/">Back to the home page</a>';
} else {
    echo "Insert failed! Error: " . mysqli_stmt_error($stmt);
}

mysqli_stmt_close($stmt);
mysqli_close($con);
?>
```

The changes include:
1. The type string passed as the second argument of mysqli_stmt_bind_param is "ssssssssii": ten characters for the ten placeholders, one per bound variable ($title, $title, $content, $content, $describes, $describes, $ip, $ip, $time, $time). The first eight values are strings ("s"); the two $time values are integers returned by time() ("i"). Each letter must match the variable's actual type, because mysqli converts the value to the declared type instead of rejecting it, so a wrong letter silently alters the stored data.
2. $timu, $daan, $jiexi, $fenlei and $beizhu were replaced by $title, $title, $content, $content, $describes, $describes, $ip, $ip, $time, $time.
3. In "INSERT INTO efchp_blog_essay (id, title, new_title, content, new_content, describes, new_describes, ip, new_ip, time, new_time, remarks) VALUES (NULL, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)", the last "?" (for remarks) was replaced by the literal '', so remarks is set to an empty string and no parameter is bound for it; id receives NULL so the auto-increment value is used. That is why twelve columns are listed but only ten values are bound.
4. The order of the mysqli_stmt_bind_param arguments was changed to match the order of the placeholders in the SQL statement.
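The following is an added example, not code from the original page or its author. It contrasts the string-concatenation pattern that a prepared statement replaces with a small guard that checks a mysqli bind_param type string against the placeholders and values before binding, the kind of mismatch that is easy to make when the type string is written by hand (for example binding $ip as "i" and $time as "s"). Table and column names follow the page; buildUnsafeInsert(), assertBindTypes(), insertEssay() and the connection object are assumptions for illustration.

```php
<?php
// Added example, not code from the original page. It shows (1) why concatenating
// form input into SQL is injectable and (2) a guard that catches a type string
// that does not line up with the placeholders and values. Table and column names
// follow the page; the helper names and connection handling are assumptions.

// (1) The unsafe pattern: the value becomes part of the SQL text.
function buildUnsafeInsert(string $title): string
{
    return "INSERT INTO `efchp_blog_essay` (`title`) VALUES ('" . $title . "')";
}

// (2) Guard: placeholders, type letters and values must agree one-to-one.
function assertBindTypes(string $sql, string $types, array $values): void
{
    // Drop quoted string literals first so a "?" inside '...' is not counted.
    $stripped = preg_replace("/'(?:[^'\\\\]|\\\\.)*'/", "''", $sql);
    $placeholders = substr_count($stripped, '?');
    $n = strlen($types);

    if ($placeholders !== $n) {
        throw new InvalidArgumentException("$placeholders placeholders but $n type characters");
    }
    if (count($values) !== $n) {
        throw new InvalidArgumentException(count($values) . " values but $n type characters");
    }
    if (preg_match('/[^idsb]/', $types, $m)) {
        throw new InvalidArgumentException("unknown bind type '{$m[0]}' (allowed: i d s b)");
    }
    // mysqli converts each value to the declared type instead of rejecting it, so
    // a wrong letter silently changes data; check the two common cases.
    foreach (str_split($types) as $i => $t) {
        if ($t === 'i' && !is_int($values[$i])) {
            throw new InvalidArgumentException("value $i bound as 'i' is " . gettype($values[$i]));
        }
        if ($t === 's' && !is_string($values[$i])) {
            throw new InvalidArgumentException("value $i bound as 's' is " . gettype($values[$i]));
        }
    }
}

// Prepared insert using the page's columns, guarded before binding (assumed helper).
function insertEssay(mysqli $con, string $title, string $content, string $describes, string $ip, int $time): int
{
    $sql = "INSERT INTO `efchp_blog_essay` (`title`, `new_title`, `content`, `new_content`, "
         . "`describes`, `new_describes`, `ip`, `new_ip`, `time`, `new_time`, `remarks`) "
         . "VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, '')";
    $types  = 'ssssssssii';
    $values = [$title, $title, $content, $content, $describes, $describes, $ip, $ip, $time, $time];

    assertBindTypes($sql, $types, $values);

    $stmt = $con->prepare($sql);
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $con->error);
    }
    // Argument unpacking from a local array passes the elements by reference, as bind_param requires.
    $stmt->bind_param($types, ...$values);
    if (!$stmt->execute()) {
        throw new RuntimeException('execute failed: ' . $stmt->error);
    }
    return (int) $stmt->insert_id;
}

// Offline demonstration with constructed input (no database needed).
if (PHP_SAPI === 'cli') {
    // A single quote in the title ends the literal early; the remainder is parsed as SQL.
    echo buildUnsafeInsert("O'Reilly"), PHP_EOL;
    echo buildUnsafeInsert("x'), ('injected"), PHP_EOL;

    // A mistyped string: $ip bound as 'i' and $time as 's' is rejected by the guard.
    $vals = ['t', 't', 'c', 'c', 'd', 'd', '127.0.0.1', '127.0.0.1', time(), time()];
    $sql  = "INSERT INTO t (a,b,c,d,e,f,g,h,i,j,k) VALUES (?,?,?,?,?,?,?,?,?,?,'')";
    try {
        assertBindTypes($sql, 'ssssssissi', $vals);
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
    assertBindTypes($sql, 'ssssssssii', $vals);
    echo 'ssssssssii accepted', PHP_EOL;
}
```

Run it from the command line to see the two unsafe statements and the guard rejecting the mistyped string; insertEssay() needs a live mysqli connection and is only called from your own form handler. The guard is cheap enough to leave in place permanently, since a placeholder/type mismatch otherwise only surfaces as a mysqli warning or as silently converted data.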

Optimizing PHP MySQL insert code: preventing SQL injection and improving efficiency

Original address: https://www.cveoy.top/t/topic/phM3 Copyright belongs to the author. Do not reproduce or scrape!
