PHP MySQLi Prepared Statement
Overview of PHP MySQLi Prepared Statement
In these ways of coding coder can protect there database and code form hackers. a hacker trying to inject your code and trying to get your all data from your database. so please use PHP MySQLi Prepared Statement and using parameter in delete query, update query & select query.
SQL injection
An SQL injection is a code injection technique, used to attack data-driven applications in which malicious SQL statements are inserted into an entry field for execution. read more
PHP Mysqli Insert Query with Object
<?php
$variable_1 = "data1";
$variable_2 = "data2";
$variable_3 = "data3";
if($stmt = $conn->prepare("INSERT INTO tablename(filed1,filed2,filed3) VALUE(?,?,?)"))
{
$stmt->bind_param("sss",$variable_1, $variable_2, $variable_3);
if($stmt->execute())
{
echo "Success";
}
}
unset($stmt);
?>
PHP Mysqli Select Query with Object
<?php
if($stmt = $conn->prepare("SELECT filed1,filed2,filed3 FROM tablename"))
{
$stmt->execute();
$stmt->bind_result($variable_1, $variable_2, $variable_3);
$stmt->store_result();
while($stmt->fetch())
{
echo $variable_1."<br/>";
echo $variable_2."<br/>";
echo $variable_3."<br/>";
}
}
unset($stmt);
?>
PHP Mysqli Select Query With Parameter
<?php
$variable_1 = "data1";
if($stmt = $conn->prepare("SELECT filed1,filed2,filed3 FROM tablename WHERE filed1 = ?"))
{
$stmt->bind_param("s",$variable_1);
$stmt->execute();
$stmt->bind_result($variable_1, $variable_2, $variable_3);
$stmt->store_result();
while($stmt->fetch())
{
echo $variable_1."<br/>";
echo $variable_2."<br/>";
echo $variable_3."<br/>";
}
}
unset($stmt);
?>
PHP Mysqli Select Query With Parameter & Store Data in Array
<?php
$stmt = $conn->prepare("SELECT * FROM tablename");
$stmt->execute();
$result = $stmt->get_result();
while($row = $result->fetch_assoc())
{
$array[] = $row;
}
$stmt->close();
print_r($array);
?>
PHP Mysqli Update Query With Parameter
<?php
$variable_1 = "data1";
$variable_2 = "data2";
$variable_3 = "data3";
if($stmt = $conn->prepare("UPDATE package SET filed2 = ?,filed3 = ? WHERE filed1 = ?"))
{
$stmt->bind_param("sss",$variable_1, $variable_2, $variable_3);
if($stmt->execute())
{
echo "Updated Successfully";
}
}
unset($stmt);
?>
PHP Mysqli Delete Query With Parameter
<?php
$variable_1 = "some_value";
if($stmt = $conn->prepare("DELETE FROM tablename WHERE some_column = ?"))
{
$stmt->bind_param("s",$variable_1);
if($stmt->execute())
{
echo "Success";
}
}
unset($stmt);
?>
PHP Mysqli get number of rows
<?php
//before use num_rows "store results()"
$stmt->store_result();
$variable = $stmt->num_rows;
?>
Globination Development Team.
If you want more information or work with us so please contact us and if you improve this conversion please comment bellow.