
Using mysqli and prepared statements to connect to database

mysqli prepared statements

         

monkeyracing

3:27 pm on Jan 29, 2010 (gmt 0)

10+ Year Member



Have a bit of .php which is connecting to a database and wanted to make it more secure by using mysqli and a prepared statement to connect to the database.

Currently the script pulls an id from the URL string to select a database row and write it out to the page: /page.php?id=123

And wanted to use mysqli and a prepared statement to make it more secure.

Script that currently works is like this

<?
$username="username";
$password="passsword";
$database="database";

$storeid = $_GET['id'];
mysql_connect('localhost',$username,$password);
@mysql_select_db($database) or die( "Unable to select database");
$query="SELECT * FROM tablename WHERE sl_id='$storeid'";
$result=mysql_query($query);

mysql_close();

?>

<?

$store=mysql_result($result,$i,"sl_store");
$address=mysql_result($result,$i,"sl_address");
$address2=mysql_result($result,$i,"sl_address2");
$city=mysql_result($result,$i,"sl_city");

?>

How would you achieve the same thing using mysqli and a prepared statement?

cheers in advance

coopster

1:59 pm on Feb 26, 2010 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



Welcome to WebmasterWorld, monkeyracing.

I'm not certain I can teach you any better than the PHP manual pages so let's start there with mysqli_prepare [php.net]. If you get stuck or run into issues, we're here for you ;)
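One way to write the lookup from the question with mysqli and a prepared statement, as an added example that is not part of the original thread. It reuses the table, column and credential placeholders from the question and assumes `sl_id` is an integer column; the `find_store` helper name is hypothetical.

```php
<?php
// Added example: placeholders below mirror the names used in the question.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on errors

/**
 * Look up one store row by id with a prepared statement (hypothetical helper).
 * Returns an associative array, or null if the id is invalid or not found.
 */
function find_store(mysqli $db, $rawId)
{
    // Assumption: sl_id is an integer column, so reject anything else up front.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, array('options' => array('min_range' => 1)));
    if ($id === false) {
        return null;
    }

    // The ? placeholder keeps the value out of the SQL text entirely.
    $stmt = $db->prepare(
        'SELECT sl_store, sl_address, sl_address2, sl_city FROM tablename WHERE sl_id = ?'
    );
    $stmt->bind_param('i', $id);
    $stmt->execute();

    // bind_result() works without the mysqlnd driver, unlike get_result().
    $stmt->bind_result($store, $address, $address2, $city);
    $row = $stmt->fetch()
        ? array('store' => $store, 'address' => $address, 'address2' => $address2, 'city' => $city)
        : null;
    $stmt->close();
    return $row;
}

$db = new mysqli('localhost', 'username', 'password', 'database');
$db->set_charset('utf8');

$row = find_store($db, isset($_GET['id']) ? $_GET['id'] : null);
$db->close();

if ($row === null) {
    header('HTTP/1.1 404 Not Found');
    exit('Store not found');
}

// Escape on output so stored values cannot inject markup into the page.
foreach ($row as $field => $value) {
    echo htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8'), "<br>\n";
}
```

Selecting named columns instead of `SELECT *` is what lets `bind_result()` map each column to a variable in a fixed order.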