Developers generally use prepared statements when querying a MySQL server so that values submitted through user forms cannot be used for SQL injection.
Here is the code for connecting to the server and selecting the database.
Here I am using the database "newsonspot". Place the code below in connect.php.
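//connect.php
<?php
// Replace host_name, username and password with your own server details.
$con = new mysqli("host_name", "username", "password", "newsonspot");
if ($con->connect_error) {
    die("Connection failed");
}
?>
// Code for retrieving the data using PHP prepared statements. Here I am getting the email ID of the person whose username is "smartsiva" (Select.php)
<?php
require("connect.php");
if ($u_data = $con->prepare("SELECT email FROM users WHERE uname=?"))
{
    // bind_param() takes its values by reference, so pass a variable, not a literal
    $uname = "smartsiva";
    $u_data->bind_param("s", $uname);
    $u_data->execute();
    // bind the result column after execute() and before fetch()
    $u_data->bind_result($ema);
    while ($u_data->fetch()) {
        // escape the value before writing it into the HTML page
        echo htmlspecialchars($ema);
    }
    $u_data->close();
}
?>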
In the bind_param() function, the first parameter is a string giving the data types of the values we are sending to the MySQL server, one character per value.
Each character may be one of the following:
s - string
i - integer
b - blob
d - double
Here "smartsiva" is a string, so I used "s" there.
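To see why the bound parameter matters, here is an added example (not code from the original post) that runs the same lookup two ways: once with the form value pasted into the SQL text, and once with a prepared statement. So that it runs without a MySQL server, it swaps in PDO with an in-memory SQLite database; the table contents, e-mail addresses and function names are constructed for the demonstration.

```php
<?php
// Added example: constructed data in an in-memory SQLite database (not MySQL),
// so the script runs without a server. Requires the pdo_sqlite extension.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (uname TEXT PRIMARY KEY, email TEXT)");
$db->exec("INSERT INTO users VALUES
           ('smartsiva', 'siva@example.test'),
           ('admin',     'admin@example.test')");

// Weak form: the form value becomes part of the SQL text, so quote
// characters inside it are parsed as SQL syntax.
function emails_concatenated(PDO $db, string $uname): array
{
    $sql = "SELECT email FROM users WHERE uname = '" . $uname . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Prepared form: the SQL text is fixed when prepare() is called and the
// value is bound afterwards, so it is only ever compared as a string.
function emails_prepared(PDO $db, string $uname): array
{
    $stmt = $db->prepare("SELECT email FROM users WHERE uname = ?");
    $stmt->bindValue(1, $uname, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed form inputs: an ordinary username, and a value containing
// quote characters that change the WHERE clause when it is concatenated.
$inputs = ["smartsiva", "x' OR '1'='1"];

foreach ($inputs as $input) {
    printf(
        "input: %s\n  concatenated query: %d row(s)\n  prepared statement: %d row(s)\n",
        $input,
        count(emails_concatenated($db, $input)),
        count(emails_prepared($db, $input))
    );
}
```

With the ordinary username both functions return the same single row; with the second input only the concatenated query returns rows that the caller never asked for, because the prepared statement looks for a user literally named with that whole string.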