php-mysqlHow to bind parameters in a MySQL database using PHP?

Binding parameters in a MySQL database using PHP is a way to prevent SQL injection attacks. It is done by using the mysqli_stmt_bind_param() function.

Example code

$stmt = mysqli_prepare($conn, "INSERT INTO table (name, age) VALUES (?, ?)");
mysqli_stmt_bind_param($stmt, "si", $name, $age);
mysqli_stmt_execute($stmt);

Code explanation

mysqli_prepare($conn, "INSERT INTO table (name, age) VALUES (?, ?)"): prepares an SQL statement for execution
mysqli_stmt_bind_param($stmt, "si", $name, $age): binds parameters to the prepared statement
mysqli_stmt_execute($stmt): executes the prepared statement

Helpful links

PHP: mysqli_stmt_bind_param - Manual
MySQLi Prepared Statements

Edit this code on GitHub

More of Php Mysql

How to join tables with PHP and MySQL?
How to create an SSL connection to MySQL using PHP?
How to use an IN query in PHP and MySQL?
How to count the number of resulting rows in a MySQL database using PHP?
How to get a single value from query in PHP MySQL?
How to use a variable in a MySQL query using PHP?
How to set a timeout for MySQL query in PHP?
How to insert data into a MySQL database using PHP?
How to use a MySQL union in PHP?
How to keep a connection open in PHP and MySQL?

See more codes...