MySQLi Prepared Statements - Insert Value in database table

Prepared statements reduce parsing time, and binding parameters with bind_param minimizes the bandwidth sent to the server.

With prepared statements, the same SQL statement can be executed with high efficiency.

Prepared statement execution consists of two stages:

  • First prepare the query for execution
  • Second execute the prepared statement

You can prevent SQL injection attacks by using prepared statements.

The question is how you can be sure that an attacker cannot change the intent of a query, even if the attacker passes SQL in the input.

Suppose an attacker tries to fetch your user data with a crafted input such as WHERE 1=1, which always evaluates to true.

With prepared statements, the parameterized query is not vulnerable: it looks for a username that literally matches the passed string '1'='1.

    // Insert a value into a database table using prepared statements in MySQLi.
    // $db is assumed to be an open mysqli connection.
    $product_name = 'ExpertPHP';
    $product_price = '60000';
    $product_details = 'Provide Online Tutorials';
    $query = "INSERT INTO products (product_name, product_price, product_details) VALUES(?, ?, ?)";
    $stmt = $db->prepare($query);
    if ($stmt === false) {
        // prepare() returns false on failure, so report the connection error
        die('Error : (' . $db->errno . ') ' . $db->error);
    }
    // There are four types of parameters to bind for markers (s = string, i = integer, d = double, b = blob)
    $stmt->bind_param('sss', $product_name, $product_price, $product_details);
    if ($stmt->execute()) {
        print 'Successfully inserted and Last inserted ID is : ' . $stmt->insert_id . '<br />';
    } else {
        // execute() errors are reported on the statement handle
        die('Error : (' . $stmt->errno . ') ' . $stmt->error);
    }
    $stmt->close();

In this example, I simply use the bind_param method to bind the parameters.

Notice that I have three parameters of the same type to bind, so I use sss. If you have parameters of different types, such as name and height, you can define sd, and if you have only one parameter, such as name, you can define just s.

In the if condition, I execute the statement with the $stmt->execute() method; if the query executes successfully, it gives you the last inserted ID.
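The username lookup from the SQL injection discussion above, as an added example that is not code from the original page: the same always-true input is run through a concatenated query and through a prepared statement. The connection settings, the demo_users table and the function names are assumptions made for this example, and it expects a reachable MySQL test server and the mysqlnd driver.

```php
<?php
// Added example: credentials, table name and function names are assumptions.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw exceptions on errors

// Placeholder connection settings; point these at a local test database.
$db = new mysqli('localhost', 'test_user', 'test_password', 'test_db');

// Constructed sample data in a temporary table (dropped when the connection closes).
$db->query("CREATE TEMPORARY TABLE demo_users (
    id INT AUTO_INCREMENT PRIMARY KEY, username VARCHAR(50), email VARCHAR(100))");
$db->query("INSERT INTO demo_users (username, email)
    VALUES ('alice', 'alice@example.com'), ('bob', 'bob@example.com')");

// Vulnerable: the input becomes part of the SQL text, so quotes in it change the query.
function find_user_concatenated(mysqli $db, string $username): array
{
    $sql = "SELECT id, username, email FROM demo_users WHERE username = '" . $username . "'";
    return $db->query($sql)->fetch_all(MYSQLI_ASSOC);
}

// Hardened: the SQL text is fixed at prepare(); the input is sent separately as data.
function find_user_prepared(mysqli $db, string $username): array
{
    $stmt = $db->prepare("SELECT id, username, email FROM demo_users WHERE username = ?");
    $stmt->bind_param('s', $username); // one string parameter, so the type string is 's'
    $stmt->execute();
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC); // get_result() needs mysqlnd
    $stmt->close();
    return $rows;
}

// A normal username and the always-true input from the text (constructed inputs).
$inputs = ['alice', "' OR '1'='1"];
foreach ($inputs as $input) {
    printf(
        "input %-15s concatenated: %d row(s), prepared: %d row(s)\n",
        '[' . $input . ']',
        count(find_user_concatenated($db, $input)),
        count(find_user_prepared($db, $input))
    );
}
$db->close();
```

For the second input, the concatenated query matches every row in the table, while the prepared statement searches for a user whose name is literally that string and matches none.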
