8
$resultSpendStmt = $connection->prepare(...);
$array->bind_param("sdidi", $A, $B, $C, $D, $E);
$array->execute();
$array->store_result();
$array->bind_result($F, $G, $H, $I, $J, $K);

I am still a little unsure what bind_param does. Can someone give me an example as to what is means?

Dharman
  • 30,962
  • 25
  • 85
  • 135
cool_cs
  • 1,661
  • 6
  • 20
  • 26

1 Answers1

13

When you prepare an SQL statement, you can insert a placeholder (?) where a column value would go, then use bind_param() to safely substitute that placeholder for the real column's value. This prevents any possibility of an SQL injection.

You can read more about bind_param() here.

Litty
  • 1,856
  • 1
  • 16
  • 35