Detailed explanation of the usage of bind_param() function in php

This article mainly introduces the usage of bind_param() function in php, and briefly analyzes the functions, parameters, usage methods and related precautions of bind_param() function. Friends in need can refer to it

Literally It is not difficult to understand the bound parameters; let me talk about it through an example of binding parameters:

for example:

bind_param ("sss", firstname,lastname, $email);

1. This function binds SQL parameters and tells the database the value of the parameters. The "sss" parameter column handles the data types of the remaining parameters. The s character tells the database that the parameter is a string.

The parameters have the following four types:

i - integer (integer type)
d - double (double precision floating point type)
s - string (string)
b - BLOB (Boolean value)

Each parameter needs to specify the type.

By telling the database the data type of the parameter, you can reduce the risk of SQL injection.

2. The above firstname, lastname, $email are passed by references, which cannot be directly written as strings after PHP5.3. In order to verify this conclusion, I wrote a test here, as follows:

$servername="localhost";
$username="root";
$password="admin";
$dbname="test";
$conn=new mysqli($servername,$username,$password,$dbname);
if($conn->connect_error){
 die("connected failed:".$conn->connect_error);
}
$sql="INSERT INTO user(user_first,user_last,age)VALUES(?,?,?)";
$stmt=$conn->prepare($sql);
$stmt->bind_param("sss","xiao","hong",22);
$stmt->execute();
echo "News records created successfully!";
$stmt->close();
$conn->close();

Above I wrote a test program that writes parameters directly into strings. After running, it pops up:

Finally I rewrote the program as follows:

$servername="localhost";
$username="root";
$password="password";
$dbname="test";
$conn=new mysqli($servername,$username,$password,$dbname);
if($conn->connect_error){
   die("Connect failed:".$conn->connect_error);
}
$sql="INSERT INTO user(user_first,user_last,age)VALUES(?,?,?)";
$stmt=$conn->prepare($sql);
$stmt->bind_param("sss",$user_first,$user_last,$age);
$user_first="xiao";
$user_last="hong";
$age=12;
$stmt->execute();
echo "News records created successfully!";
$stmt->close();
$conn->close();

And the above program can be executed normally.

The above is the entire content of this article , I hope it will be helpful to everyone’s study.

Related recommendations:

bind_param() function usage analysis in php

Detailed explanation of the use of bindParam and bindValue in Yii2

Detailed explanation of the difference between bindParam and bindValue

The above is the detailed content of Detailed explanation of the usage of bind_param() function in php. For more information, please follow other related articles on the PHP Chinese website!