How to insert into MySQL using mysqli

File sample.html <form action=”sample.php” method=”POST”> <input name=”name” type=”text”> <input name=”text” type=”text”> <input name=”submit” type=”submit” value=”Submit”> </form> File sample.php <?php if (isset($_POST[‘submit’])) { mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); $mysqli = new mysqli(‘localhost’, ‘user’, ‘password’, ‘mysampledb’); // replace every piece of data in SQL with question mark $sql = “INSERT INTO SampleTable (name, text) VALUES (?,?)” // 2 question … Read more

MySQLi prepared statements with IN operator [duplicate]

I’ve recently found the solution for my question. Maybe it’s not the best way to do it, but it works nice! Prove me wrong:) <?php $lastnames = array(‘braun’, ‘piorkowski’, ‘mason’, ‘nash’); $arParams = array(); foreach($lastnames as $key => $value) //recreate an array with parameters explicitly passing every parameter by reference $arParams[] = &$lastnames[$key]; $count_params = … Read more

Updating from MYSQL to MYSQLI [duplicate]

You can download a converter tool from here: The code it generates is pretty gross, mainly because of the way it implements the default database link argument with a $GLOBAL variable. (This also makes it easy to recognize when someone is using code that’s gone through the converter.) There’s also a MySQL Shim Library … Read more

Mysqli get_result alternative

Here is a neater solution based on the same principle as lx answer: function get_result( $Statement ) { $RESULT = array(); $Statement->store_result(); for ( $i = 0; $i < $Statement->num_rows; $i++ ) { $Metadata = $Statement->result_metadata(); $PARAMS = array(); while ( $Field = $Metadata->fetch_field() ) { $PARAMS[] = &$RESULT[ $i ][ $Field->name ]; } call_user_func_array( … Read more

MySQLI binding params using call_user_func_array

It must be like this: //connect $mysqli = new mysqli($host, $user, $password, $db_name); //prepare $stmt = $mysqli->prepare(“SELECT * FROM the_table WHERE field1= ? AND Field2= ?”); //Binding parameters. Types: s = string, i = integer, d = double, b = blob $params= array(“ss”,”string_1″,”string_2″); //now we need to add references $tmp = array(); foreach($params as $key … Read more

Is mysql_real_escape_string() necessary when using prepared statements?

No, prepared queries (when used properly) will ensure data cannot change your SQL query and provide safe querying. You are using them properly, but you could make just one little change. Because you are using the ‘?’ placeholder, it is easier to pass params through the execute method. $sql->execute([$consulta]); Just be careful if you’re outputting … Read more