June 22, 2009 at 7:14 am #25230
everywhere I look everyone is using it, its in tutorials, its everywhere like people know what it does. php.net dosn’t help – can someone just in plain english tell me what it does? I can see the use in using the things attached to it, like execute and bind_param – but what is "stmt_init()"
Thx :DJune 22, 2009 at 10:24 am #59531
It’s for using Mysql prepared statements. Basically you can define a statement like "SELECT * FROM people WHERE lastname LIKE ?" and then specify parameters which are represented by ? in your statement.
This has 2 chief benefits. FIrstly you prepare the statement once but you can execute it many times, changing the parameters each time. This can be handy if you have a lot of INSERT statements to execute for instance. Also, it helps to prevent against SQL injection attacks because you aren’t concatenating parameters with the SQL statement as it’s done by the server instead.
I should point out it’s only available with the mysqli driver. Perhaps a future tutorial….June 22, 2009 at 11:18 am #59532
AHhhhh yes. I was just reading this too for all those who might be wondering whats going on…
Thanks dave :D much appreciated :)
You must be logged in to reply to this topic.