www.beanizer.org - MySQL prepared statement in PHP without 'mysqli' extension

Select

Home

Tips'n Tricks

Various

MySQL prepared statement in PHP without 'mysqli' extension

Prepared statements are maybe the strongest weapon we have against the sql injecting plague.
They exist in MySQL since version 4.1 on and we can access them directly from PHP if 'mysqli' extension is installed.
Unfortunately not all hosting providers provides it. But we can still use prepared statements directly from SQL.
Here is a simple example:


PREPARE my_statement FROM "SELECT myfield FROM mytable WHERE myothefield = ?";
SET @myparam = "whatever";
EXECUTE my_statement USING @myparam;
DEALLOCATE PREPARE my_statement;

< Prev		Next >

[ Back ]

Articles RSS feed

Latest Articles
SugarCRM integration with custom VB6 applications SugarCRM and Asterisk integration in Java ( II ) NuSOAP, HTTP Authentication and HTTP Proxy SugarCRM and Asterisk integration in Java - First steps SugarCRM integration - website session and SOAP session

Latest Software
Java Desktop Engine (ver 1.0) J2me ChartComponent - ver 1.5.2 Tunnel4J Thinlet-Helper JXosd ver. 1.0