Sample code sharing for bind_param() function usage in php-PHP Tutorial-php.cn

Sample code sharing for bind_param() function usage in php

黄舟

Release： 2023-03-07 07:04:01

Original

873 people have browsed it

This article mainly introduces the usage of bind_param() function in php, and briefly analyzes the functions, parameters, usage methods and related precautions of the bind_param() function. , friends who need it can refer to

The example in this article describes the usage of bind_param() function in php. Share it with everyone for your reference, the details are as follows:

It is not difficult to understand literally, the binding parameters; let me talk about it through an example of binding parameters:

for example:

bind_param("sss", firstname,lastname, $email);

Copy after login

1. This function binds SQL parameters and tells the database the value of the parameters. The "sss" parameter column handles the data types of the remaining parameters. The s character tells the database that the parameter is a string.

The parameters have the following four types:

i - integer (integer type) d - double (double precision
floating point type ) s - string (string)
b - BLOB (Boolean value)

Each parameter needs to specify the type.

By telling the database the data type of the parameter, you can reduce the risk of SQL injection.

2. The above firstname, lastname, and $email are passed by

quotes, which cannot be directly written as strings after PHP5.3. In order to verify this conclusion, I wrote here A test is as follows:

$servername="localhost";
$username="root";
$password="admin";
$dbname="test";
$conn=new mysqli($servername,$username,$password,$dbname);
if($conn->connect_error){
 die("connected failed:".$conn->connect_error);
}
$sql="INSERT INTO user(user_first,user_last,age)VALUES(?,?,?)";
$stmt=$conn->prepare($sql);
$stmt->bind_param("sss","xiao","hong",22);
$stmt->execute();
echo "News records created successfully!";
$stmt->close();
$conn->close();

Copy after login

Above I wrote a test program that writes parameters directly into strings. After running, it pops up:

Finally, I will program Rewritten as follows:

$servername="localhost";
$username="root";
$password="password";
$dbname="test";
$conn=new mysqli($servername,$username,$password,$dbname);
if($conn->connect_error){
   die("Connect failed:".$conn->connect_error);
}
$sql="INSERT INTO user(user_first,user_last,age)VALUES(?,?,?)";
$stmt=$conn->prepare($sql);
$stmt->bind_param("sss",$user_first,$user_last,$age);
$user_first="xiao";
$user_last="hong";
$age=12;
$stmt->execute();
echo "News records created successfully!";
$stmt->close();
$conn->close();

Copy after login

The above is the detailed content of Sample code sharing for bind_param() function usage in php. For more information, please follow other related articles on the PHP Chinese website!