Mysqli prepared statements without binding parameters

Asked Sep 20 '18 at 11:10

Active Sep 20 '18 at 11:10

Viewed 25 times

How do you use prepared statements without having any parameters to bind, f.ex. an SELECT query for retrieving all columns and rows within an table?

As i understand, prepared statements are good for security and efficiency, but isnt it possible to use it ONLY for either security or efficiency?

I have tried to look up answers on this, but without any luck.

Code (outputs nothing)

$stmt = mysqli_stmt_init($link);
$sql = "SELECT * FROM `table`";
mysqli_stmt_prepare($stmt, $sql);
mysqli_stmt_execute($stmt);
$res = mysqli_stmt_get_result($stmt);
while($row = mysqli_fetch_array($res)){
    foreach($row as $val){
       printf($val\n);
       }
    }

asked Sep 20 '18 at 11:10

Setz

1

If you have no parameters and therefore nothing to bind then it is safe to use `->query()` – RiggsFolly Sep 20 '18 at 11:13
So prepared statements are only used if you have parameters to bind? If so, that would explain when to and not to use prepared statements. – Setz Sep 20 '18 at 11:27
That is correct – RiggsFolly Sep 20 '18 at 11:31
Thanks, thats good to know. – Setz Sep 20 '18 at 11:37

Mysqli prepared statements without binding parameters

0 Answers0