changing from mysqli procedural to procedural w/prepared statement


hikingwithu2

I have about 20 webpages that include mysqli procedural stuff, and I want to change those to mysqli procedural w/prepared statements. I've been through many sites that "teach" using prepared statements but none talk about converting an existing site to using them.

An example (some of my existing code):

if (isset($_POST['upload'])) {
    $description = $_POST['description'];
    $picAlt = $_POST['picAlt'];
    $status = $_POST['status'];

    mysqli_query($db, "INSERT INTO pics (fileName, description, picAlt, status) VALUES ('$fileName', '$description', '$picAlt', '$status')");
    $_SESSION['message'] = "The photo has been saved";
    header('location: photos_manager.php');
}

Do I simply change my code to this?:

if (isset($_POST['upload']))
{
    $description = $_POST['description'];
    $picAlt = $_POST['picAlt'];
    $status = $_POST['status'];

    $insertQry = 'insert into pics (fileName, description, picAlt, status) values(?,?,?,?)';
    $insertStatement = mysqli_prepare($db,$insertQry);
    mysqli_stmt_bind_param($insertStatement,'ssss',$_POST['fileName'], $_POST['description'],$_POST['picAlt'], $_POST['status']);
    mysqli_stmt_execute($insertStatement);
    mysqli_close($db);
    $_SESSION['message'] = "The photo has been saved";
    header('location: photos_manager.php');
}

Then what after that? Does anything else anywhere in my pages that use this insert need to be changed?
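
An added example, not part of the original post: one way to convert many pages is a small helper that prepares, binds and executes in one call, so each `mysqli_query` with interpolated values becomes one `db_run` call. The helper name `db_run` and the `$_GET['status']` filter are hypothetical; `$db` (an open mysqli connection) and `$fileName` (set by the upload handling) are assumed to exist as in the post, and `mysqli_stmt_get_result` assumes the mysqlnd driver.

```php
<?php
// Added example. Assumes $db is an open mysqli connection and $fileName
// was set earlier by the upload handling, as in the post.

// Throw exceptions on SQL errors instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Hypothetical helper: prepare, bind and execute one statement.
// $types uses the mysqli_stmt_bind_param letters (s, i, d, b).
function db_run(mysqli $db, string $sql, string $types = '', array $params = []): mysqli_stmt
{
    if (strlen($types) !== count($params)) {
        throw new InvalidArgumentException('one type letter per parameter');
    }
    $stmt = mysqli_prepare($db, $sql);
    if ($params) {
        mysqli_stmt_bind_param($stmt, $types, ...$params);
    }
    mysqli_stmt_execute($stmt);
    return $stmt;
}

if (isset($_POST['upload'])) {
    // Values go in verbatim: remove any mysqli_real_escape_string() or
    // addslashes() calls from the old code, or they will be stored escaped.
    $stmt = db_run(
        $db,
        'INSERT INTO pics (fileName, description, picAlt, status) VALUES (?, ?, ?, ?)',
        'ssss',
        [$fileName, $_POST['description'] ?? '', $_POST['picAlt'] ?? '', $_POST['status'] ?? '']
    );
    mysqli_stmt_close($stmt);

    $_SESSION['message'] = 'The photo has been saved';
    header('Location: photos_manager.php');
    exit; // nothing after the redirect should run
}

// Reads with user input change the same way (get_result needs mysqlnd).
// $_GET['status'] is an assumed filter, not something from the post.
$stmt = db_run($db, 'SELECT fileName, picAlt FROM pics WHERE status = ?', 's', [$_GET['status'] ?? '']);
$result = mysqli_stmt_get_result($stmt);
while ($row = mysqli_fetch_assoc($result)) {
    // Prepared statements do not protect HTML output; escape on display.
    printf("<img src=\"%s\" alt=\"%s\">\n", htmlspecialchars($row['fileName']), htmlspecialchars($row['picAlt']));
}
mysqli_stmt_close($stmt);
```

Queries that contain no user-supplied values can stay as plain `mysqli_query` calls; only statements that interpolate variables into the SQL string need converting.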
