mysqli prepared statements

[skaterdav85]

I recently discovered php's object oriented syntax for mysqli and then saw the use of prepared statements. I read this tutorial:http://devzone.zend.com/article/686However, I didnt not understand what bound results are. Can someone explain what they are?Thanks!

[boen_robot]

Normally, you use something like mysqli::fetch_array() that returns an array of the results. You then access each array member to get the corresponding value, and once you make another call to fetch_array(), you get a new array.With binded results, instead of returning an array, you can create a variable that stores the corresponding column value, and then use the variable name directly, instead of processing an array. Another call to fetch() is going to change that variable's value.

[skaterdav85]

So what is the advantage of bound results? Just the fact that you can use the values from a particular column in the db later on in the script rather than outputting them right after they have been fetched?

[boen_robot]

I don't think there's an advantage of any kind... it's just an alternative way of dealing with the result.In a similar fashion, there's no real advantage of binded parameters - they're just another way to prevent SQL injections, which you'll prevent anyway if you use mysqli_real_escape_string() and explicitly type cast everything that's a number. Now... for binded parameters, you can argue that it's easier to work with them, because they automatically do the string and/or cast, but the point is that the resulting query is the same.