php-mysqlHow to bind parameters in a MySQL database using PHP?
Binding parameters in a MySQL database using PHP is a way to prevent SQL injection attacks. It is done by using the mysqli_stmt_bind_param()
function.
Example code
$stmt = mysqli_prepare($conn, "INSERT INTO table (name, age) VALUES (?, ?)");
mysqli_stmt_bind_param($stmt, "si", $name, $age);
mysqli_stmt_execute($stmt);
Code explanation
mysqli_prepare($conn, "INSERT INTO table (name, age) VALUES (?, ?)")
: prepares an SQL statement for executionmysqli_stmt_bind_param($stmt, "si", $name, $age)
: binds parameters to the prepared statementmysqli_stmt_execute($stmt)
: executes the prepared statement
Helpful links
More of Php Mysql
- How to join tables with PHP and MySQL?
- How to get the version of MySQL using PHP?
- How to create an SSL connection to MySQL using PHP?
- How to use utf8mb4_unicode_ci in MySQL with PHP?
- How to get the error message for a MySQL query using PHP?
- How to run multiple queries in PHP and MySQL?
- How to escape JSON in PHP and MySQL?
- How to get the last insert ID in PHP MySQL?
- How to get a single value from query in PHP MySQL?
- How to get the number of affected rows in a MySQL using PHP?
See more codes...