Saturday, 12 May 2018

mysql - How to insert into MySQLusing a prepared statement with PHP





I am just learning about databases and I want to be able to store user inputs. What would be a basic example on how to get form data and save it to a database using PHP?



Also making the form secure from SQL attacks.


Answer



File sample.html










File sample.php



    if (isset($_POST['submit'])) {


$mysqli = new mysqli('localhost', 'user', 'password', 'mysampledb');

/* Check connection */
if (mysqli_connect_errno()) {
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}

$stmt = $mysqli->prepare("INSERT INTO SampleTable VALUES (?)");

$stmt->bind_param('s', $sample); // Bind $sample to the parameter

$sample = isset($_POST['sample'])
? $_POST['sample']
: '';

/* Execute prepared statement */
$stmt->execute();

printf("%d Row inserted.\n", $stmt->affected_rows);


/* Close statement and connection */
$stmt->close();

/* Close connection */
$mysqli->close();
}
?>



This is a very basic example. Many PHP developers today are turning to PDO. Mysqli isn’t obsolete, but PDO is much easier, IMHO.


No comments:

Post a Comment

casting - Why wasn't Tobey Maguire in The Amazing Spider-Man? - Movies & TV

In the Spider-Man franchise, Tobey Maguire is an outstanding performer as a Spider-Man and also reprised his role in the sequels Spider-Man...