PHP Prepared Statements

PHP Prepared Statements used to avoid sql injections. In this tutorial I explains how to implement prepared statement in php.
Steps for Implement Prepared statement in PHP 

  1. Make a connection with the database server
  2. Initialize all prepared statements
  3. Initialize all query templates
  4. Prepare all statements
  5. Assign all bind parameters
  6. Execute
  7. Close the prepared statements
  8. Done

Database Connection(config.php)

Structure of user table

Now Create a HTML Form for Data Insertion(index.php)

Code For Insert  Data Into Database Using PHP Prepared Statement. Put this code on the top of the index.php page

Store the query in a variable.
Prepares a statement returning a result set as aPrepared Statement.
We can use question marks (?) for values.
we can then call the execute(array()) method.

Binding Datatypes

bind_params is the array of the parameters you want to bind.

Types: s = string, i = integer, d = double, b = blob

execute()  :-Execute the prepared statement. We can use an array of values to replace the question mark parameters.

close() :- Close the prepared statements.

Here is the full code that we have written during this tutorial:

For run this code on localhost create a database with name test and import the sql file available inside the download package.

View Demo

Download Source Code(PHP Prepared Statements)
Size: 2 KB
Version: V 1.0

About the author

Anuj kumar

I'm Anuj kumar a web developer with 4+ year experience .I write blogs in my free time. I love to learn new technologies and share with others. I founded PHPGurukul in September 2015. The main aim of this website to is provide php , jquery , mysql , phpoops and other web development tutorials. I am trying best effort to make PHPGurukul useful for every single moment spend on this website. If you think this website is useful to visit please share with your friend and buddies.

Leave a Comment

1 Comment

Subscribe For Latest Updates