When you want to execute the same statement, or similar statements, many times with high efficiency, you can use a prepared statement. It is also very useful against SQL injection. A prepared statement creates a template and sends it to the database. Parameter values are left unspecified and marked with ?. For example, INSERT INTO Visitors VALUES (?, ?).
The database parses and compiles the template and stores the result without executing it. You can then bind values to the unspecified parameters and execute the statement. Prepared statements have the three advantages below.
1. It reduces the parsing time as the preparation is done only once for the statement.
2. Bound parameters help to reduce bandwidth to the server, as you need not send the whole query every time.
3. They are useful against SQL injection: bound parameter values are handled as data by the database rather than being escaped by hand and spliced into the SQL text, and the template is not derived from external input.
Let us see an example of a prepared statement using MySQLi:
<?php
$server_name = "localhost";
$username = "username";
$password = "password";
$db_name = "my_project";
// open the connection and stop if it fails
$conn = new mysqli($server_name, $username, $password, $db_name);
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}
// prepare the template (one ? per value) and bind the variables to it
$statement = $conn->prepare("INSERT INTO Visitors(name, email) VALUES (?, ?)");
$statement->bind_param("ss", $name, $email);
// set parameters and execute
$name = "Ben";
$email = "ben@example.com";
$statement->execute();
// change the bound variables and run the same prepared statement again
$name = "Paul";
$email = "paul@example.com";
$statement->execute();
echo "New records created successfully";
$statement->close();
$conn->close();
?>
In the above PHP code, the "ss" argument passed to bind_param lists the data type of each bound parameter, one character per parameter. Each character can be one of the types below.
i - integer
s - string
d - double
b - BLOB
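To see why binding helps against SQL injection, the following added example (not part of the original tutorial) runs the same lookup twice with an input that contains quote characters: once by concatenating it into the SQL text and once by binding it to a prepared template. It assumes the connection settings used above and permission to create temporary tables; the table visitors_demo, the two function names and the sample input are hypothetical.

```php
<?php
// Added example, not part of the original tutorial. Assumes the connection
// settings used above; visitors_demo is a hypothetical temporary table.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // errors become exceptions
$conn = new mysqli("localhost", "username", "password", "my_project");

$conn->query("CREATE TEMPORARY TABLE visitors_demo (name VARCHAR(50), email VARCHAR(100))");
$insert = $conn->prepare("INSERT INTO visitors_demo (name, email) VALUES (?, ?)");
$insert->bind_param("ss", $name, $email);
foreach ([["Ben", "ben@example.com"], ["Paul", "paul@example.com"]] as [$name, $email]) {
    $insert->execute(); // same compiled template, new bound values
}
$insert->close();

// Unsafe: the input is spliced into the SQL text, so its quotes become syntax.
function count_concatenated(mysqli $conn, string $name): int
{
    $sql = "SELECT COUNT(*) FROM visitors_demo WHERE name = '" . $name . "'";
    return (int) $conn->query($sql)->fetch_row()[0];
}

// Safe: fixed template, value bound as a string ("s") and sent as data.
function count_prepared(mysqli $conn, string $name): int
{
    $statement = $conn->prepare("SELECT COUNT(*) FROM visitors_demo WHERE name = ?");
    $statement->bind_param("s", $name);
    $statement->execute();
    $statement->bind_result($count);
    $statement->fetch();
    $statement->close();
    return (int) $count;
}

$input = "nobody' OR '1'='1"; // constructed sample input with embedded quotes
echo "concatenated: ", count_concatenated($conn, $input), " row(s) matched\n";
echo "prepared:     ", count_prepared($conn, $input), " row(s) matched\n";
$conn->close();
?>
```

In the concatenated query the quotes in the input rewrite the WHERE clause, while the prepared statement compares the whole input as one literal name.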