php-mysqlHow to bind parameters in a MySQL database using PHP?

Binding parameters in a MySQL database using PHP is a way to prevent SQL injection attacks. It is done by using the mysqli_stmt_bind_param() function.

Example code

$stmt = mysqli_prepare($conn, "INSERT INTO table (name, age) VALUES (?, ?)");
mysqli_stmt_bind_param($stmt, "si", $name, $age);
mysqli_stmt_execute($stmt);

Code explanation

mysqli_prepare($conn, "INSERT INTO table (name, age) VALUES (?, ?)"): prepares an SQL statement for execution
mysqli_stmt_bind_param($stmt, "si", $name, $age): binds parameters to the prepared statement
mysqli_stmt_execute($stmt): executes the prepared statement

Helpful links

PHP: mysqli_stmt_bind_param - Manual
MySQLi Prepared Statements

Edit this code on GitHub

More of Php Mysql

How to write an update query in MySQL using PHP?
How to use a MySQL union in PHP?
How to export data from MySQL to Excel using PHP?
How to connect to a MySQL database using PHP?
How to set a timeout for MySQL query in PHP?
How to create an SSL connection to MySQL using PHP?
What port to connect to MySQL from PHP?
How to output XML from MySQL using PHP?
How to generate a UUID in MySQL using PHP?
How to change database in MySQL with PHP?

See more codes...