I don't get the bind param in PHP. Why must I use bind and not just execute the query directly? Is it because the query format is an array?
- Please copy the actual code in and not just a link to an image with the code. – h2ooooooo Jan 25 '14 at 13:35
- @h2ooooooo this is from YouTube, no code – user3207200 Jan 25 '14 at 13:42
- Does this answer your question? [When should I use prepared statements?](https://stackoverflow.com/questions/24988867/when-should-i-use-prepared-statements) – Dharman Jan 10 '21 at 20:31
1 Answer
I assume from the bind_param() function that you're using the mysqli extension. There is no clear answer to "Why can't you just execute the query itself?" except this one.

You're not using a simple query in this case; you are creating a prepared statement. Prepared statements, as Wikipedia states, are a parameterized form of queries.

So you can't execute a query which is missing parameters. In this case you're probably executing this query:

```sql
INSERT INTO people (first_name, last_name, bio, created) VALUES (?, ?, ?, YOUR_TIME_FUNCTION)
```

As you can see, three parameters are missing, so you can't possibly execute that query in that state. Instead, if you have a static query, you can use the mysqli_query() function, which won't accept parameters since it expects an executable query.

Kei
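The flow the answer describes, as an added example that is not code from the original post or from the video the question refers to: the SQL text is prepared with `?` placeholders, `bind_param()` attaches variables to them, and `execute()` sends the values separately, so quotes in the input stay data instead of becoming part of the query. Assumptions: the connection details are placeholders, `NOW()` stands in for `YOUR_TIME_FUNCTION`, and the column types of the temporary `people` table are invented for the demo.

```php
<?php
// Added example. Assumptions: a reachable MySQL server; host, user,
// password and database name below are placeholders.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on errors

$db = new mysqli('localhost', 'example_user', 'example_password', 'example_db');
$db->set_charset('utf8mb4');

// Static query with no parameters: query() can run it directly.
// TEMPORARY keeps the demo away from any real table of the same name.
$db->query(
    'CREATE TEMPORARY TABLE people (
        id INT AUTO_INCREMENT PRIMARY KEY,
        first_name VARCHAR(50), last_name VARCHAR(50),
        bio TEXT, created DATETIME)'
);

// The SQL text is sent first, with ? where the values will go.
$stmt = $db->prepare(
    'INSERT INTO people (first_name, last_name, bio, created)
     VALUES (?, ?, ?, NOW())'
);

// bind_param() ties the three placeholders to variables by reference;
// "sss" declares three strings. No values are sent to the server yet.
$stmt->bind_param('sss', $first, $last, $bio);

// Constructed sample rows; the quotes and the semicolon are ordinary data.
$rows = [
    ['Ada', "O'Neil", 'Likes "quoted" text; and semicolons'],
    ['Bo',  'Li',     "Bio with a ' single quote"],
];
foreach ($rows as $row) {
    [$first, $last, $bio] = $row; // update the bound variables
    $stmt->execute();             // sends their current values
}
$stmt->close();

// Read back: every value is stored exactly as supplied.
$result = $db->query('SELECT first_name, last_name, bio FROM people ORDER BY id');
foreach ($result as $r) {
    printf("%s %s: %s\n", $r['first_name'], $r['last_name'], $r['bio']);
}
$db->close();
```

Because the statement is prepared once and only the bound values change, the same `$stmt` is reused for both rows without any string concatenation or manual escaping.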