php-mysqlHow to bind parameters in a MySQL database using PHP?
Binding parameters in a MySQL database using PHP is a way to prevent SQL injection attacks. It is done by using the mysqli_stmt_bind_param()
function.
Example code
$stmt = mysqli_prepare($conn, "INSERT INTO table (name, age) VALUES (?, ?)");
mysqli_stmt_bind_param($stmt, "si", $name, $age);
mysqli_stmt_execute($stmt);
Code explanation
mysqli_prepare($conn, "INSERT INTO table (name, age) VALUES (?, ?)")
: prepares an SQL statement for executionmysqli_stmt_bind_param($stmt, "si", $name, $age)
: binds parameters to the prepared statementmysqli_stmt_execute($stmt)
: executes the prepared statement
Helpful links
More of Php Mysql
- How to join tables with PHP and MySQL?
- How to create an SSL connection to MySQL using PHP?
- How to use an IN query in PHP and MySQL?
- How to count the number of resulting rows in a MySQL database using PHP?
- How to get a single value from query in PHP MySQL?
- How to use a variable in a MySQL query using PHP?
- How to set a timeout for MySQL query in PHP?
- How to insert data into a MySQL database using PHP?
- How to use a MySQL union in PHP?
- How to keep a connection open in PHP and MySQL?
See more codes...