php-mysqlHow to bind parameters in a MySQL database using PHP?

Binding parameters in a MySQL database using PHP is a way to prevent SQL injection attacks. It is done by using the mysqli_stmt_bind_param() function.

Example code

$stmt = mysqli_prepare($conn, "INSERT INTO table (name, age) VALUES (?, ?)");
mysqli_stmt_bind_param($stmt, "si", $name, $age);
mysqli_stmt_execute($stmt);

Code explanation

mysqli_prepare($conn, "INSERT INTO table (name, age) VALUES (?, ?)"): prepares an SQL statement for execution
mysqli_stmt_bind_param($stmt, "si", $name, $age): binds parameters to the prepared statement
mysqli_stmt_execute($stmt): executes the prepared statement

Helpful links

PHP: mysqli_stmt_bind_param - Manual
MySQLi Prepared Statements

Edit this code on GitHub

More of Php Mysql

How to use utf8mb4_unicode_ci in MySQL with PHP?
How to get the first row of a result in MySQL using PHP?
How to get the version of MySQL using PHP?
How to create an SSL connection to MySQL using PHP?
How to check the result of an insert in PHP and MySQL?
How to generate a UUID in MySQL using PHP?
How to convert a MySQL timestamp to a datetime in PHP?
How to prepare a statement in MySQL using PHP?
How to create a connection pool in a MySQL database using PHP?
How to use the LIKE operator in PHP and MySQL?

See more codes...