Menu
As I know there is a way to input data into a mysql database with mysqli, where you do not have to use mysql_real_escape_string. I mean like this:
$stmt = $mysqli->prepare("INSERT INTO CountryLanguage VALUES (?, ?, ?, ?)");
$stmt->bind_param('sssd', "something", "something2", "something3", "123");
Now my question: Can you do the same with UPDATE instead of INSERT? What would the expression look like? Would it look like the following:
$stmt = $mysqli->prepare("UPDATE CountryLanguage SET some = ?, some2 = ?, some3 = ?, some4 = ?");
$stmt->bind_param('sssd', "something", "something2", "something3", "123");`
Thanks for your help.
504
The mysqli_prepare() function prepares an SQL statement for execution, you can use parameter markers ("?") in this query, specify values for them, and execute it later.
A prepared statement is a feature used to execute the same (or similar) SQL statements repeatedly with high efficiency. Prepared statements basically work like this: Prepare: An SQL statement template is created and sent to the database. Certain values are left unspecified, called parameters (labeled "?").
It would look the same, but don't forget the WHERE. Your example is correct.
186
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
