From the course: PHP: Accessing Databases with PDO and MySQLi
Using prepared statements - PHP Tutorial
Using prepared statements
Among the advantages of choosing either PDO or MySQLi is their support for prepared statements, which offer important security features. A prepared statement is a template for an SQL query that incorporates values from user input. The prepared statement contains a placeholder for each value that's stored in a variable. This not only makes it easier to embed the variables in your PHP code, it also prevents SQL injection attacks, because PDO and MySQLi automatically escape quotes and other characters before executing the query. Other advantages of using prepared statements are that they're more efficient when the same query is used more than once, and you can bind the results from each column of the SELECT query to named variables, making it easier to display the output. Both PDO and MySQLi use question marks as anonymous placeholders. In this example, the question marks represent the values for username and password, gathered from user input. You'll see later in the course how to bind the…
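The following is an added example, not code from the course: it contrasts a query built by string concatenation with the same lookup written as a prepared statement using `?` placeholders. It assumes PDO with an in-memory SQLite database in place of MySQL so that it runs offline, and the table, column and function names are hypothetical.

```php
<?php
declare(strict_types=1);

// Assumption: in-memory SQLite (pdo_sqlite) stands in for MySQL so this runs
// offline. Table, column and function names are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, pwd_hash TEXT NOT NULL)');

// One template, prepared once and executed per row (constructed sample data).
// Each ? is an anonymous placeholder, filled in order from the array.
$insert = $db->prepare('INSERT INTO users (username, pwd_hash) VALUES (?, ?)');
foreach (['alice' => 'correct horse', 'bob' => 'battery staple'] as $user => $pwd) {
    $insert->execute([$user, password_hash($pwd, PASSWORD_DEFAULT)]);
}

// Before: input is concatenated into the SQL text, so a quote character in
// $username changes the structure of the query itself.
function findConcatenated(PDO $db, string $username): array
{
    $sql = "SELECT username FROM users WHERE username = '$username'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// After: the SQL template is fixed and the value is supplied separately, so
// the input can only ever be compared as data.
function findPrepared(PDO $db, string $username): array
{
    $stmt = $db->prepare('SELECT username FROM users WHERE username = ?');
    $stmt->execute([$username]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Login check: look the row up by placeholder, then verify the hash in PHP.
function checkLogin(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT pwd_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($password, $hash);
}

$crafted = "nobody' OR '1'='1"; // constructed input containing quotes
printf("concatenated: %d row(s)\n", count(findConcatenated($db, $crafted)));
printf("prepared:     %d row(s)\n", count(findPrepared($db, $crafted)));
var_dump(checkLogin($db, 'alice', 'correct horse'), checkLogin($db, $crafted, 'x'));
```

With the constructed input, the concatenated lookup matches every row in the table, while the prepared lookup matches none because the whole string is compared as a username.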