<?php
/*
i - integer
d - double
s - string
b - BLOB
*/
$conn = new mysqli($servername, $username, $password, $dbname);
$stmt = $conn->prepare("INSERT INTO MyGuests (firstname, lastname, email) VALUES (?, ?, ?)");
$stmt->bind_param("sss", $firstname, $lastname, $email);
$stmt->execute();
$stmt->close();
$conn->close();
// alternatives to prepared statements
$mysqli = new mysqli("localhost", "my_user", "my_password", "world");
$city = $mysqli->real_escape_string($city);
$mysqli->query("INSERT into myCity (Name) VALUES ('$city')"))
ruku
@ruku 0 0 0
Prepared Statements & Safe Inputs
10:17 pm PHP
Updated on