// plain
Binding parameters in a MySQL database using PHP is a way to prevent SQL injection attacks. It is done by using the mysqli_stmt_bind_param()
function.
$stmt = mysqli_prepare($conn, "INSERT INTO table (name, age) VALUES (?, ?)");
mysqli_stmt_bind_param($stmt, "si", $name, $age);
mysqli_stmt_execute($stmt);
mysqli_prepare($conn, "INSERT INTO table (name, age) VALUES (?, ?)")
: prepares an SQL statement for executionmysqli_stmt_bind_param($stmt, "si", $name, $age)
: binds parameters to the prepared statementmysqli_stmt_execute($stmt)
: executes the prepared statement
onelinerhub: How to bind parameters in a MySQL database using PHP?