What exactly is $stmt and what is it's purpose? what does it stand for..
I'm following a tutorial that is using prepared statements and looked up stmt in the manual: http://php.net/manual/en/class.mysqli-stmt.php
and see that it is a class that "represents a prepared statement" - which i guess is a prepared sql statement that you slot a variable into. though I don't see how this id different to storing a sql statement as a string and then manipulating the string to add variables when you need?
"$stmt
" obviously (I think) stands for "statement". As a variable name it's arbitrary, you can name that variable anything you want. $stmt
is just rather idiomatic.
A prepared statement as such is a database feature. The database itself takes the query in two steps: first the query structure with placeholders, second the data to fill in the placeholders. The statement objects on the PHP side represent this separation and are there to give you a handle representing the prepared statement on the SQL server side.
The point of this separation is that there's no chance of having SQL injection problems due to incorrectly escaped arbitrary string values; it is also useful for performance if you reuse that prepared statement a number of times.
Working with statements is much safer than inserting variables into a plain SQL string. By using statements you prevent SQL injection. Take a look at:
How does the SQL injection from the "Bobby Tables" XKCD comic work?
&
How can I prevent SQL injection in PHP?
What exactly is $stmt and what is it's purpose?
It is a variable and stores a value
People do use it for statement - others are a bit more imaginative with variables name
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With