php-mysqlHow to bind parameters in a MySQL database using PHP?

Binding parameters in a MySQL database using PHP is a way to prevent SQL injection attacks. It is done by using the mysqli_stmt_bind_param() function.

Example code

$stmt = mysqli_prepare($conn, "INSERT INTO table (name, age) VALUES (?, ?)");
mysqli_stmt_bind_param($stmt, "si", $name, $age);
mysqli_stmt_execute($stmt);

Code explanation

mysqli_prepare($conn, "INSERT INTO table (name, age) VALUES (?, ?)"): prepares an SQL statement for execution
mysqli_stmt_bind_param($stmt, "si", $name, $age): binds parameters to the prepared statement
mysqli_stmt_execute($stmt): executes the prepared statement

Helpful links

PHP: mysqli_stmt_bind_param - Manual
MySQLi Prepared Statements

Edit this code on GitHub

More of Php Mysql

How to insert a date into a MySQL database using PHP?
How to get table column names in PHP MySQL?
How to run multiple queries in PHP and MySQL?
How to get a single value from query in PHP MySQL?
How to use a variable in a MySQL query using PHP?
What port to connect to MySQL from PHP?
How to order by a column in ascending order in MySQL using PHP?
How to insert a null value in MySQL using PHP?
How to escape JSON in PHP and MySQL?
How to output XML from MySQL using PHP?

See more codes...