php-mysqlHow to bind parameters in a MySQL database using PHP?

Binding parameters in a MySQL database using PHP is a way to prevent SQL injection attacks. It is done by using the mysqli_stmt_bind_param() function.

Example code

$stmt = mysqli_prepare($conn, "INSERT INTO table (name, age) VALUES (?, ?)");
mysqli_stmt_bind_param($stmt, "si", $name, $age);
mysqli_stmt_execute($stmt);

Code explanation

mysqli_prepare($conn, "INSERT INTO table (name, age) VALUES (?, ?)"): prepares an SQL statement for execution
mysqli_stmt_bind_param($stmt, "si", $name, $age): binds parameters to the prepared statement
mysqli_stmt_execute($stmt): executes the prepared statement

Helpful links

PHP: mysqli_stmt_bind_param - Manual
MySQLi Prepared Statements

Edit this code on GitHub

More of Php Mysql

How to get the version of MySQL using PHP?
How to use a variable in a MySQL query using PHP?
How to create an SSL connection to MySQL using PHP?
How to output XML from MySQL using PHP?
How to set a timeout for MySQL query in PHP?
How to change database in MySQL with PHP?
How to update to null value in MySQL using PHP?
How to convert a MySQL timestamp to a datetime in PHP?
How to get the last insert ID in PHP MySQL?
How to create pagination in MySQL using PHP?

See more codes...