php-mysqlHow to bind parameters in a MySQL database using PHP?

Binding parameters in a MySQL database using PHP is a way to prevent SQL injection attacks. It is done by using the mysqli_stmt_bind_param() function.

Example code

$stmt = mysqli_prepare($conn, "INSERT INTO table (name, age) VALUES (?, ?)");
mysqli_stmt_bind_param($stmt, "si", $name, $age);
mysqli_stmt_execute($stmt);

Code explanation

mysqli_prepare($conn, "INSERT INTO table (name, age) VALUES (?, ?)"): prepares an SQL statement for execution
mysqli_stmt_bind_param($stmt, "si", $name, $age): binds parameters to the prepared statement
mysqli_stmt_execute($stmt): executes the prepared statement

Helpful links

PHP: mysqli_stmt_bind_param - Manual
MySQLi Prepared Statements

Edit this code on GitHub

More of Php Mysql

How to use utf8mb4_unicode_ci in MySQL with PHP?
How to join tables with PHP and MySQL?
How to get the version of MySQL using PHP?
How to write an update query in MySQL using PHP?
How to count the number of resulting rows in a MySQL database using PHP?
How to use a MySQL union in PHP?
How to set a timeout for MySQL query in PHP?
How to create an SSL connection to MySQL using PHP?
How to get the last insert ID in PHP MySQL?
How to fetch data from MySQL in PHP?

See more codes...