
Does using stored procedures instead of queries prevent SQL injection?

PHP
回首忆惘然 2023-06-30 16:02:32
Newbie here. I have been studying how SQLSVR uses prepared statements to prevent injection, but what they protect is usually the query itself, not things like stored procedures. Does my current code avoid this? I have been trying to make sense of the PHP manual here: https://www.php.net/manual/en/function.sqlsrv-query.php but I am not quite sure what this would look like, since I am using a stored procedure. Thanks for taking the time to read this and for your guidance.

    <?php
    include('config.php');
    $mysqli = sqlsrv_connect($serverName, $conn_array);

    // For error or success messages place the following functions in your functions.php file and include the file here.
    // The following functions are based on bootstrap classes for error and success message. If you are not using bootstrap you can stylize your own.
    function alertSuccess($msg)
    {
      $alert = "<div class='alert alert-success'>".$msg."</div>";
      return $alert;
    }
    function alertError($msg)
    {
      $alert = "<div class='alert alert-danger'>".$msg."</div>";
      return $alert;
    }
    function alertInfo($msg)
    {
      $alert = "<div class='alert alert-info'>".$msg."</div>";
      return $alert;
    }

    // Storing Form Inputs (null-coalescing avoids "undefined index" notices when a field is missing)
    $username = $_POST['username'] ?? null;
    $email = $_POST['email'] ?? null;
    $region = $_POST['region'] ?? null;
    $password = (!empty($_POST['password'])) ? $_POST['password'] : null;
    $password2 = (!empty($_POST['confirmpassword'])) ? $_POST['confirmpassword'] : null;

    if (isset($_POST['register'])) {
      // Set "Creating Account" message.
      // Note: once anything is echoed, header("Location: ...") below only works if output buffering is enabled.
      echo alertInfo("Attempting to initiate Account Creation...");

      // If username is null then rest of the code will not be executed
      if ($username == null) {
        echo alertError("Invalid username!");
        header("Location: failed.php");
        exit();
      }
      // If password is not equal then rest of the code will not be executed
      if ($password != $password2) {
        echo alertError("Password mismatch");
        header("Location: failed.php");
        exit();
      }
      // If username is less than 6 characters long then rest of the code will not be executed
      if (strlen($username) < 6) {
        echo alertError("Username must contain at least 6 characters.");
        header("Location: failed.php");
        exit();
      }
      if ($region > 2) {
        echo alertError("Invalid Region.");
        header("Location: failed.php");
        exit();
      }

1 Answer

慕森王

Contributed 1777 experience points, received over 3 upvotes

After digging a bit: the answer is no. If the stored procedure uses dynamic SQL, then it is not safe.

By reading the manual a few thousand times, I was able to make use of prepared statements.


Reply 2023-06-30
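The following is an added example, not code from the question or the answer, showing what the parameterized stored-procedure call the question asks about looks like with the sqlsrv extension, and where the answer's caveat about dynamic SQL applies. It assumes config.php defines $serverName and $conn_array as in the question, and that a stored procedure dbo.RegisterUser with four input parameters exists; that procedure name is hypothetical.

```php
<?php
// Added example (not the poster's code): calling a SQL Server stored
// procedure from PHP through sqlsrv with bound parameters.
// Assumptions: config.php provides $serverName and $conn_array (as in the
// question); dbo.RegisterUser(@username, @email, @region, @passwordHash)
// is a hypothetical procedure.
include('config.php');

$conn = sqlsrv_connect($serverName, $conn_array);
if ($conn === false) {
    error_log(print_r(sqlsrv_errors(), true));
    exit('Database connection failed.');
}

// Read form inputs without assuming the keys exist.
$username = $_POST['username'] ?? '';
$email    = $_POST['email'] ?? '';
$region   = (int)($_POST['region'] ?? -1);
$password = $_POST['password'] ?? '';

// Same sanity checks as the question, done before touching the database.
if (strlen($username) < 6 || $region < 0 || $region > 2 || $password === '') {
    exit('Invalid input.');
}

// Store a password hash, never the plain-text password.
$passwordHash = password_hash($password, PASSWORD_DEFAULT);

// ODBC call escape with placeholders. Every user-supplied value is sent as a
// bound parameter, so the SQL text never contains attacker-controlled text.
$sql = "{call dbo.RegisterUser(?, ?, ?, ?)}";
$params = [
    [$username,     SQLSRV_PARAM_IN],
    [$email,        SQLSRV_PARAM_IN],
    [$region,       SQLSRV_PARAM_IN, null, SQLSRV_SQLTYPE_INT],
    [$passwordHash, SQLSRV_PARAM_IN],
];

// sqlsrv_query prepares and executes in one step; the driver sends the
// values separately from the statement text.
$stmt = sqlsrv_query($conn, $sql, $params);
if ($stmt === false) {
    error_log(print_r(sqlsrv_errors(), true));
    exit('Registration failed.');
}
sqlsrv_free_stmt($stmt);
sqlsrv_close($conn);

// Caveat from the accepted answer: binding parameters protects the CALL,
// not a procedure body that concatenates its arguments into new SQL, e.g.
//   EXEC('SELECT ... WHERE Username = ''' + @username + '''')
// Dynamic SQL inside the procedure should itself be parameterized:
//   EXEC sp_executesql N'SELECT ... WHERE Username = @u',
//                      N'@u nvarchar(50)', @u = @username;
```

The parameterized call covers the PHP side of the question. Whether the overall path is injection-safe still depends on the T-SQL body of the procedure, which is why reviewing procedures for EXEC() string concatenation is part of the check.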
  • 1 answer
  • 0 following
  • 83 views
