This article mainly introduces the usage of bind_param() function in php, and briefly analyzes the functions, parameters, usage methods and related precautions of bind_param() function. Friends in need can refer to the example of this article
Describes the usage of bind_param() function in php. Share it with everyone for your reference, the details are as follows:
It is not difficult to understand literally, the binding parameters; let me explain it through an example of binding parameters:
for example:
bind_param("sss", firstname,lastname, $email);
1. This function binds SQL parameters and tells The value of the database parameter. The "sss" parameter column handles the data types of the remaining parameters. The s character tells the database that the parameter is a string.
The parameters have the following four types:
i - integer (integer type)
d - double (double precision floating point type)
s - string (string)
b - BLOB (Boolean value)
Each parameter needs to specify the type.
By telling the database the data type of the parameter, you can reduce the risk of SQL injection.
2. The above firstname, lastname, $email are passed by references, which cannot be directly written as strings after PHP5.3. In order to verify this conclusion, I wrote a test here, as follows:
$servername="localhost"; $username="root"; $password="admin"; $dbname="test"; $conn=new mysqli($servername,$username,$password,$dbname); if($conn->connect_error){ die("connected failed:".$conn->connect_error); } $sql="INSERT INTO user(user_first,user_last,age)VALUES(?,?,?)"; $stmt=$conn->prepare($sql); $stmt->bind_param("sss","xiao","hong",22); $stmt->execute(); echo "News records created successfully!"; $stmt->close(); $conn->close();
Above I wrote a test program that writes parameters directly into strings. After running, it pops up:
Finally I rewrote the program as follows:
$servername="localhost"; $username="root"; $password="password"; $dbname="test"; $conn=new mysqli($servername,$username,$password,$dbname); if($conn->connect_error){ die("Connect failed:".$conn->connect_error); } $sql="INSERT INTO user(user_first,user_last,age)VALUES(?,?,?)"; $stmt=$conn->prepare($sql); $stmt->bind_param("sss",$user_first,$user_last,$age); $user_first="xiao"; $user_last="hong"; $age=12; $stmt->execute(); echo "News records created successfully!"; $stmt->close(); $conn->close();
And the above program can be executed normally.
The above is the detailed content of Usage analysis of bind_param() function in php. For more information, please follow other related articles on the PHP Chinese website!