php-mysqlHow to bind parameters in a MySQL database using PHP?
Binding parameters in a MySQL database using PHP is a way to prevent SQL injection attacks. It is done by using the mysqli_stmt_bind_param()
function.
Example code
$stmt = mysqli_prepare($conn, "INSERT INTO table (name, age) VALUES (?, ?)");
mysqli_stmt_bind_param($stmt, "si", $name, $age);
mysqli_stmt_execute($stmt);
Code explanation
mysqli_prepare($conn, "INSERT INTO table (name, age) VALUES (?, ?)")
: prepares an SQL statement for executionmysqli_stmt_bind_param($stmt, "si", $name, $age)
: binds parameters to the prepared statementmysqli_stmt_execute($stmt)
: executes the prepared statement
Helpful links
More of Php Mysql
- How to output XML from MySQL using PHP?
- How to use utf8mb4_unicode_ci in MySQL with PHP?
- How to use a variable in a MySQL query using PHP?
- How to use a MySQL union in PHP?
- How to generate a UUID in MySQL using PHP?
- How to set a timeout for MySQL query in PHP?
- How to get the last insert ID in PHP MySQL?
- How to update to null value in MySQL using PHP?
- How to get the first row of a result in MySQL using PHP?
- How to alter a table in a MySQL database using PHP?
See more codes...