mysql prepared statements update php

mysql prepared statements update php:

mysql prepared statements update php

You should use mysql prepared statements to prevent sql injections.

$mysqli = new mysqli($servername, $username, $password, $username);

Without prepared statement

$sql = "UPDATE userlimits SET name = '$name', comment = '$comment', symbol = '$symbol', stocklimit = '$stocklimit', currency = '$currency', under = '$under' WHERE id = '$id'";
$mysqli->query($sql);

With prepared statement

s – string

d – decimal

i – integer

$stmt = $mysqli->prepare("UPDATE userlimits SET name = ?, comment = ?, stocklimit = ?, currency = ?, under = ? WHERE id = ?");
$stmt->bind_param("ssdsii", $name, $comment, $stocklimit, $currency, $under, $id);
$stmt->execute();
$stmt->close();

Kommentar verfassen

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert

Nach oben scrollen