Jump to content

mysqli_prepare() prevents SQL injections?


Recommended Posts

I'm not quite following, so basically if i receive $_POST what was posted at INPUT form and lets say the input form name = test

//Does it work like this & what ist he question mark at SQL sentence. Is it the first binded parameter?. if ($stmt = $mysqli->prepare("SELECT District FROM City WHERE Name=?")) {$stmt->bind_param("s", $_POST['test']);$stmt->execute();
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Create New...