php-mysqlHow to bind parameters in a MySQL database using PHP?

Binding parameters in a MySQL database using PHP is a way to prevent SQL injection attacks. It is done by using the mysqli_stmt_bind_param() function.

Example code

$stmt = mysqli_prepare($conn, "INSERT INTO table (name, age) VALUES (?, ?)");
mysqli_stmt_bind_param($stmt, "si", $name, $age);
mysqli_stmt_execute($stmt);

Code explanation

mysqli_prepare($conn, "INSERT INTO table (name, age) VALUES (?, ?)"): prepares an SQL statement for execution
mysqli_stmt_bind_param($stmt, "si", $name, $age): binds parameters to the prepared statement
mysqli_stmt_execute($stmt): executes the prepared statement

Helpful links

PHP: mysqli_stmt_bind_param - Manual
MySQLi Prepared Statements

Edit this code on GitHub

More of Php Mysql

How to output XML from MySQL using PHP?
How to use utf8mb4_unicode_ci in MySQL with PHP?
How to use a variable in a MySQL query using PHP?
How to use a MySQL union in PHP?
How to generate a UUID in MySQL using PHP?
How to set a timeout for MySQL query in PHP?
How to get the last insert ID in PHP MySQL?
How to update to null value in MySQL using PHP?
How to get the first row of a result in MySQL using PHP?
How to alter a table in a MySQL database using PHP?

See more codes...