Good day!
There is an SQL query:

 $gPlaceholderName = $mysqli->query("SELECT `gPlaceholderName` FROM `gData` WHERE `gID` = '$gID'"); 

Help me turn it into a prepared statement and explain how to use them, so that I can write them myself in the future.

  • 1
    Dear @KirillKorushkin, I have read that documentation, but on the practical side of the problem I would like one example for my case, and then I will understand. I don't know all the subtleties of building SQL queries. I have found out a lot of horror stories about SQL injection. - tonymore
  • @tonymore the manual has a SELECT and you have a SELECT; in the manual one parameter is inserted in the WHERE, and so it is in yours (unless the bind_param type is different). The manual has detailed comments written in it... If those are not enough for you, how will the exact same example with the exact same query but a different table name help? - Alexey Shimansky
  • 1
    @tonymore check out: habrahabr.ru/post/143035 (read the comments too), you need to know this anyway. Good luck! - Kirill Korushkin
  • 2
    @tonymore although there is a very clear conclusion at the end of this answer: stackoverflow.com/a/12202218/6104996 ... Read... "I just hadn't noticed the explanation of the bind_param function and didn't understand what it meant and where that letter came from" - yes, the manual basically says "Parameter markers must be bound to application variables using mysqli_stmt_bind_param() and/or mysqli_stmt_bind_result() before executing the statement or fetching rows", and if you go to php.net/manual/ru/mysqli-stmt.bind-param.php and look at what the types are, it will be clear. - Alexey Shimansky

1 answer

How to prepare and execute a SQL query?


In order to prepare and execute an SQL query you need to:

  • Prepare the query

  • Bind variables to the parameters

  • Execute the query

Preparing the query

The prepare function prepares the SQL statement for execution.
Note: The following example is in the object-oriented style.

 $gPlaceholderName = $mysqli->prepare("SELECT `gPlaceholderName` FROM `gData` WHERE `gID` = ?"); 

Binding variables to parameters

The bind_param function is responsible for binding variables to the parameters.

 $gPlaceholderName->bind_param("i", $gID); 

The letter i stands for the integer type.
The following type characters are commonly used:

  • i - the corresponding variable is of type integer

  • d - the corresponding variable is of type double

  • s - the corresponding variable is of type string

Executing the query

execute is responsible for executing the SQL query.

 $gPlaceholderName->execute(); 

Afterword

All of the information above is taken from the official Russian PHP documentation.
I also want to thank Alexey Shimansky and Kirill Korushkin for pointing me in the right direction.
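The three steps above carried through as one complete routine, as an added example that is not part of the original answer or the PHP manual. It assumes a mysqli connection whose credentials are placeholders, the `gData` table and `gID` column from the question, and that `gID` is an integer column (hence the `"i"` type). The function names and the statement-reuse helper are my own choices.

```php
<?php
// Added example: the query from the question rewritten as a mysqli prepared
// statement (object-oriented style), plus reuse of one prepared statement
// for several values. Connection credentials below are placeholders.
declare(strict_types=1);

// Make mysqli throw exceptions instead of returning false on errors,
// so a failed prepare() or execute() cannot be silently ignored.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// The original query from the question: $gID is pasted into the SQL text,
// so whatever it contains becomes part of the statement itself.
function getPlaceholderNameUnsafe(mysqli $mysqli, string $gID): ?string
{
    $result = $mysqli->query("SELECT `gPlaceholderName` FROM `gData` WHERE `gID` = '$gID'");
    $row = $result->fetch_assoc();
    return $row['gPlaceholderName'] ?? null;
}

// Prepared-statement version: the value is sent separately from the SQL text,
// so it can only ever be compared against gID, never change the statement.
function getPlaceholderName(mysqli $mysqli, int $gID): ?string
{
    // 1. Prepare: `?` is a parameter marker, not a piece of SQL.
    $stmt = $mysqli->prepare("SELECT `gPlaceholderName` FROM `gData` WHERE `gID` = ?");

    // 2. Bind: "i" sends $gID as an integer. Use "s" if gID is a string column.
    $stmt->bind_param("i", $gID);

    // 3. Execute, then buffer the result set on the client side.
    $stmt->execute();
    $stmt->store_result();

    // Read the single selected column into $name (works without mysqlnd,
    // unlike get_result()). fetch() returns true for a row, null when none.
    $stmt->bind_result($name);
    $found = $stmt->fetch() === true;

    $stmt->free_result();
    $stmt->close();

    return $found ? $name : null;
}

// Prepare once, execute many times: bind_param() takes $gID by reference,
// so assigning a new value and calling execute() again reuses the statement.
function getPlaceholderNames(mysqli $mysqli, array $gIDs): array
{
    $stmt = $mysqli->prepare("SELECT `gPlaceholderName` FROM `gData` WHERE `gID` = ?");
    $gID = 0;
    $stmt->bind_param("i", $gID);
    $stmt->bind_result($name);

    $names = [];
    foreach ($gIDs as $gID) {          // writes through the bound reference
        $stmt->execute();
        $stmt->store_result();
        if ($stmt->fetch() === true) {
            $names[$gID] = $name;
        }
        $stmt->free_result();          // release the buffered rows before re-executing
    }

    $stmt->close();
    return $names;
}

// Usage (placeholder credentials; constructed call values):
$mysqli = new mysqli('localhost', 'db_user', 'db_password', 'db_name');
var_dump(getPlaceholderName($mysqli, 42));
var_dump(getPlaceholderNames($mysqli, [1, 2, 3]));
```

The type character matters: if `gID` were declared as a string column, the same code would use `"s"`, and a value with letters in it would then be compared as text rather than truncated to an integer.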