Php Prepared Statements

As someone coming from the .NET world and having used mostly Microsoft tools, I have been enjoying PHP very much lately 🙂 You know, the best way to learn a programming language is to develop a project with it, and that is what I have been doing. I am coding a new web project using PHP and MySQL. Along the way, I will try to share some things that I think are important about PHP. One of them is PHP prepared statements. Why? Because PHP prepared statements are the defence against SQL injection. They are very much like parameterized queries in C#.

With prepared statements you don't concatenate user input directly into your query text; instead, the query is sent with placeholders and the values are bound to it separately as variables, so the database always treats them as data rather than as SQL. Below is how you can use PHP prepared statements:

Note: When binding parameters you need to pass a variable, not a literal value. The variable doesn't actually have to be defined yet at the point where you bind it.
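To make the two points above concrete, here is an added example (not the original post's code) that puts the unsafe concatenated query beside the mysqli prepared statement and binds a variable that is only assigned afterwards. The database credentials, the `users(id, username, email)` table and the sample input are assumptions.

```php
<?php
// Added example; assumes a MySQL database reachable with these credentials
// and a table `users(id, username, email)`. Uses mysqli (get_result needs mysqlnd).
$db = new mysqli('localhost', 'app_user', 'app_password', 'app_db');
if ($db->connect_error) {
    die('Connection failed: ' . $db->connect_error);
}

// Constructed sample input; in a real app this would come from $_GET/$_POST.
$username = "alice' OR '1'='1";

// VULNERABLE: the input is concatenated straight into the SQL text, so the
// quote inside $username changes the meaning of the query (the classic
// SQL injection the post is warning about). Never run this form.
$unsafeSql = "SELECT id, email FROM users WHERE username = '" . $username . "'";
echo "Unsafe query text: $unsafeSql\n";

// SAFE: the query is sent with a ? placeholder and the value is bound
// separately, so it is always treated as data, never as SQL.
$stmt = $db->prepare('SELECT id, email FROM users WHERE username = ?');
if ($stmt === false) {
    die('Prepare failed: ' . $db->error);
}

// bind_param() takes variables by reference ("s" = string). $lookup is not
// defined yet at this point; that is fine, as the note above says.
$stmt->bind_param('s', $lookup);

// $lookup is assigned here, after binding; each execute() reads its current value.
foreach (['alice', $username] as $lookup) {
    $stmt->execute();
    $result = $stmt->get_result();
    printf("%d row(s) for %s\n", $result->num_rows, var_export($lookup, true));
    while ($row = $result->fetch_assoc()) {
        printf("  id=%d email=%s\n", $row['id'], $row['email']);
    }
}

$stmt->close();
$db->close();
```

Run against a test database, the second lookup returns no rows: the injected quote is searched for literally instead of altering the WHERE clause.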

