I am working the first time with prepare statements to prevent sql injections. I tried this code, which works fine:
$myInt = "5";
$myTxt = "Hello World";
$sql = $db->prepare("INSERT INTO `test` (`myInt`, `myTxt`, `myDate`, `myBool`) VALUES (?, ?, CURRENT_DATE(), NULL)");
$sql->bind_param("is", $myInt, $myTxt);
But why it works fine? $myInt is a string value. I set integer as bind_param type.
Can anyone explain me this situation ?