php-mysqlHow to bind parameters in a MySQL database using PHP?

Binding parameters in a MySQL database using PHP is a way to prevent SQL injection attacks. It is done by using the mysqli_stmt_bind_param() function.

Example code

$stmt = mysqli_prepare($conn, "INSERT INTO table (name, age) VALUES (?, ?)");
mysqli_stmt_bind_param($stmt, "si", $name, $age);
mysqli_stmt_execute($stmt);

Code explanation

mysqli_prepare($conn, "INSERT INTO table (name, age) VALUES (?, ?)"): prepares an SQL statement for execution
mysqli_stmt_bind_param($stmt, "si", $name, $age): binds parameters to the prepared statement
mysqli_stmt_execute($stmt): executes the prepared statement

Helpful links

PHP: mysqli_stmt_bind_param - Manual
MySQLi Prepared Statements

Edit this code on GitHub

More of Php Mysql

How to check the result of an insert in PHP and MySQL?
How to use utf8mb4_unicode_ci in MySQL with PHP?
How to generate a UUID in MySQL using PHP?
How to get a single value from query in PHP MySQL?
How to fetch data from MySQL in PHP?
How to output XML from MySQL using PHP?
How to use a MySQL union in PHP?
How to change database in MySQL with PHP?
How to join tables with PHP and MySQL?
How to store a boolean value in a MySQL database using PHP?

See more codes...