mysql prepared statements update php

mysql prepared statements update php:

mysql prepared statements update php

You should use mysql prepared statements to prevent sql injections.

$mysqli = new mysqli($servername, $username, $password, $username);

Without prepared statement:

$sql = "UPDATE userlimits SET name = '$name', comment = '$comment', symbol = '$symbol', stocklimit = '$stocklimit', currency = '$currency', under = '$under' WHERE id = '$id'";
$mysqli->query($sql);

With prepared statement:

s – string

d – decimal

i – integer

$stmt = $mysqli->prepare("UPDATE userlimits SET name = ?, comment = ?, stocklimit = ?, currency = ?, under = ? WHERE id = ?");
$stmt->bind_param("ssdsii", $name, $comment, $stocklimit, $currency, $under, $id);
$stmt->execute();
$stmt->close();

Hinterlasse einen Kommentar

  Abonnieren  
Benachrichtige mich bei
Scroll to Top