Jump to content

Prepared statements


chokk
 Share

Recommended Posts

Their purpose is not to separate SQL from user input. They are simply mechanisms to query the MySQL server."prepare" will prepare a query with some spaces reserved for data. A prepared statement lets you use a same query with different values easier than a normal query. I haven't looked much into it, but I believe it also will escape the information for you when using values in the query which makes it safer than normal queries.

Link to comment
Share on other sites

I thought one of the purposes of prepared statements was that you didn't have to escape user input?
That's correct. But if you only use mysqli_query() you'll have to escape the information yourself, which is what justsomeguy was referring to.
Link to comment
Share on other sites

Cool, thanks! Is the following a correct prepared statement and query?

$mysqli = new mysqli($host, $user, $name, $db);$result = $mysqli->prepare("SELECT * FROM table_name WHERE id=?");$result->bind_param("i", $input);$result->execute();$result->bind_result($var1, $var2, $var3);$result->fetch();$result->close();

Link to comment
Share on other sites

I have problems with the following snippet of code:

	function slet($person){	$mysqli = $this->connect;	$mysqli->connect();	$mysqli->prepare("DELETE FROM personer WHERE id = ?");	$mysqli->bind_param("i", $person);	$mysqli->execute();	$mysqli->close();}

Getting this error:

Fatal error: Call to undefined method mysqli::bind_param() in C:\wamp\www\...\...\sysadm.php on line 232

Link to comment
Share on other sites

$pst=$mysqli->prepare("DELETE FROM personer WHERE id = ?");$pst->bind_param("i", $person);

it will return a mysqli_stmt object which you have to cacth it in a variable eg. $pstnow you can call the method bind_param() of $pst object which is instance of mysqli_stmt class

Edited by birbal
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...