search

Home  >  Article  >  Backend Development  >  Sample code sharing for bind_param() function usage in php

Sample code sharing for bind_param() function usage in php

黄舟
黄舟Original
2017-03-29 09:10:17988browse

This article mainly introduces the usage of bind_param() function in php, and briefly analyzes the functions, parameters, usage methods and related precautions of the bind_param() function. , friends who need it can refer to

The example in this article describes the usage of bind_param() function in php. Share it with everyone for your reference, the details are as follows:

It is not difficult to understand literally, the binding parameters; let me talk about it through an example of binding parameters:

for example:

bind_param("sss", firstname,lastname, $email);

1. This function binds SQL parameters and tells the database the value of the parameters. The "sss" parameter column handles the data types of the remaining parameters. The s character tells the database that the parameter is a string.

The parameters have the following four types:

i - integer (integer type) d - double (double precision
floating point type ) s - string (string)
b - BLOB (Boolean value)

Each parameter needs to specify the type.

By telling the database the data type of the parameter, you can reduce the risk of SQL injection.

2. The above firstname, lastname, and $email are passed by

quotes, which cannot be directly written as strings after PHP5.3. In order to verify this conclusion, I wrote here A test is as follows: 

$servername="localhost";
$username="root";
$password="admin";
$dbname="test";
$conn=new mysqli($servername,$username,$password,$dbname);
if($conn->connect_error){
 die("connected failed:".$conn->connect_error);
}
$sql="INSERT INTO user(user_first,user_last,age)VALUES(?,?,?)";
$stmt=$conn->prepare($sql);
$stmt->bind_param("sss","xiao","hong",22);
$stmt->execute();
echo "News records created successfully!";
$stmt->close();
$conn->close();

Above I wrote a test program that writes parameters directly into strings. After running, it pops up:

Finally, I will program Rewritten as follows: 

$servername="localhost";
$username="root";
$password="password";
$dbname="test";
$conn=new mysqli($servername,$username,$password,$dbname);
if($conn->connect_error){
   die("Connect failed:".$conn->connect_error);
}
$sql="INSERT INTO user(user_first,user_last,age)VALUES(?,?,?)";
$stmt=$conn->prepare($sql);
$stmt->bind_param("sss",$user_first,$user_last,$age);
$user_first="xiao";
$user_last="hong";
$age=12;
$stmt->execute();
echo "News records created successfully!";
$stmt->close();
$conn->close();

The above is the detailed content of Sample code sharing for bind_param() function usage in php. For more information, please follow other related articles on the PHP Chinese website!

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Previous article:Detailed introduction to how PHP uses the exec() function under PDO to query the number of affected rows after execution.Next article:Detailed introduction to how PHP uses the exec() function under PDO to query the number of affected rows after execution.

Related articles

See more