PHP Prepared Statements

683 0


PHP Prepared Statements used to avoid sql injections. In this tutorial I explains how to implement prepared statement in php.
Steps for Implement Prepared statement in PHP 

  1. Make a connection with the database server
  2. Initialize all prepared statements
  3. Initialize all query templates
  4. Prepare all statements
  5. Assign all bind parameters
  6. Execute
  7. Close the prepared statements
  8. Done

Database Connection(config.php)

Structure of user table

Now Create a HTML Form for Data Insertion(index.php)

Code For Insert  Data Into Database Using PHP Prepared Statement. Put this code on the top of the index.php page

Store the query in a variable.
Prepares a statement returning a result set as aPrepared Statement.
We can use question marks (?) for values.
—we can then call the execute(array()) method.

Binding Datatypes

bind_params is the array of the parameters you want to bind.

Types: s = string, i = integer, d = double, b = blob

execute()  :-Execute the prepared statement. We can use an array of values to replace the question mark parameters.

close() :- Close the prepared statements.

Here is the full code that we have written during this tutorial:

For run this code on localhost create a database with name test and import the sql file available inside the download package.

 

Comments

comments

In this article

Join the Conversation