我是php的新手,以前刚刚使用mysqli进行查询。但是我总是看到人们说要使用准备好的语句,所以我经历了我的项目,努力将我的所有查询都改成准备好的语句。此特定查询未更新
$email = $userDetails['email'];
$token = bin2hex(random_bytes(16));
$username = $userDetails['username'];
$timestamp = date('Y/m/d H:i:s');
$sql = "UPDATE users SET token = ? AND timestamp = ? WHERE email = ?";
$stmt = mysqli_prepare($connect, $sql);
mysqli_stmt_bind_param($stmt,"sss",$token,$timestamp,$email);
mysqli_stmt_execute($stmt);
您在AND查询中使用,而不是UPDATE:
$sql = "UPDATE users SET token = ?, timestamp = ? WHERE email = ?";