
I'm currently using the following query to insert data into a table

$query = mysqli_query($connection, "SELECT * FROM booked_activities INNER JOIN activities ON booked_activities.activityID = activities.activityID WHERE booked_activities.customerID LIKE {$_SESSION['customerID']}");

I've been instructed to use prepared statements for the $_SESSION['customerID'].

Does this mean just naming $_SESSION['customerID'] = $db_id? Or do I need to do something else to protect the data?

DeeJJx
  • Also https://stackoverflow.com/questions/7537377/how-to-include-a-php-variable-inside-a-mysql-statement and https://stackoverflow.com/questions/28385145/correct-way-to-use-like-var-with-prepared-statements-mysqli – Dharman Jan 06 '21 at 11:04
  • If you are only starting to learn PHP then you should learn PDO instead of mysqli. PDO is much easier and more suitable for beginners. Start here https://phpdelusions.net/pdo – Dharman Jan 06 '21 at 11:05

0 Answers
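
An added example, not part of the original question or its comments: the query above rewritten as a mysqli prepared statement. It assumes `$connection` is an open `mysqli` object, the mysqlnd driver is available (needed for `get_result()`), and `customerID` is an integer; the function name `fetchBookedActivities` is hypothetical.

```php
<?php
declare(strict_types=1);

// Make mysqli throw exceptions instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Hypothetical helper: returns the booked activities for one customer.
 * Assumes customerID is an integer column and mysqlnd is installed.
 */
function fetchBookedActivities(mysqli $connection, $rawCustomerId): array
{
    // Session data is still input: reject anything that is not a positive integer.
    $customerId = filter_var(
        $rawCustomerId,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($customerId === false) {
        throw new InvalidArgumentException('customerID must be a positive integer');
    }

    // Copying the value into another variable changes nothing; what matters is
    // that it is bound to the ? placeholder and never becomes part of the SQL text.
    // LIKE is kept from the original query; for an integer with no wildcards it
    // behaves as an exact match.
    $sql = 'SELECT *
              FROM booked_activities
        INNER JOIN activities
                ON booked_activities.activityID = activities.activityID
             WHERE booked_activities.customerID LIKE ?';

    $stmt = $connection->prepare($sql);
    $stmt->bind_param('i', $customerId);   // "i" = bind as integer
    $stmt->execute();

    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
    $stmt->close();

    return $rows;
}

// Usage, with $connection created elsewhere via new mysqli(...):
// session_start();
// $rows = fetchBookedActivities($connection, $_SESSION['customerID'] ?? null);
```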