0

I want bind input from user befor add data to database , I wrote this code but I don't know how I complete it

$con=mysqli_connect('localhost', 'root', '', 'user');
$con->set_charset("utf8");
$result = mysqli_query($con,("INSERT INTO users(name, email, user_phone_number, password) VALUES (?,?,?,?)");

user input $name , $email , $user_phone_number , $password this pramter I don't want add directly to my database for that I used ????

in PDO I use bindValue but here what I should do ?

Improve this question
3
  • Do spend the time to go through the manual first php.net/manual/en/mysqli.quickstart.prepared-statements.php - There also isn't enough code in your question to support it. Commented Aug 12, 2016 at 13:55
  • @Fred-ii- I update my question Commented Aug 12, 2016 at 14:07
  • again; read the manual. There are examples in there Commented Aug 12, 2016 at 14:08

1 Answer 1

Reset to default
3

You don't use mysqli_query() with prepared statements, you use mysqli_prepare().

$stmt = mysqli_prepare($con, "INSERT INTO users(name, email, user_phone_number, password) VALUES (?,?,?,?)");
mysqli_stmt_bind_param($stmt, "ssss", $name, $email, $user_phone_number, $password);
$result = mysqli_stmt_execute($stmt);
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.