• GeeksZone/
  • PHP Tutorial/
  • Update data in MySQL with PHP using Prepared Statements to Prevent SQL Injection

Update data in MySQL with PHP using Prepared Statements to Prevent SQL Injection

Guide on using Prepared Statements in PHP to update data in MySQL securely and efficiently. This PHP code helps prevent SQL Injection vulnerabilities when working with databases.

<?php
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "database";

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);

// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

// Prepare SQL statement with placeholders
$sql = "UPDATE table_name SET column1 = ?, column2 = ? WHERE id = ?";

// Create Prepared Statement
$stmt = $conn->prepare($sql);

if ($stmt === false) {
    die("Prepare failed: " . $conn->error);
}

// Bind parameters to the statement
$stmt->bind_param("ssi", $value1, $value2, $id);

// Set values for the parameters
$value1 = "New Value 1";
$value2 = "New Value 2";
$id = 1;

// Execute the statement
if ($stmt->execute()) {
    echo "Data updated successfully!";
} else {
    echo "Error updating data: " . $stmt->error;
}

// Close connection
$stmt->close();
$conn->close();
?>

Detailed explanation:

  1. Create connection:

    • new mysqli($servername, $username, $password, $dbname): Creates a connection to the MySQL database.

  2. Check connection:

    • if ($conn->connect_error): Checks if there is a connection error.

  3. Prepare SQL statement with placeholders:

    • UPDATE table_name SET column1 = ?, column2 = ? WHERE id = ?: Uses question marks (?) as placeholders for parameters.

  4. Create Prepared Statement:

    • $conn->prepare($sql): Creates a Prepared Statement object.

  5. Bind parameters to the statement:

    • $stmt->bind_param("ssi", $value1, $value2, $id): Binds parameters to the SQL statement. The characters "ssi" indicate the data types of the parameters (s for strings, i for integers).

  6. Set values for the parameters:

    • $value1 = "New Value 1";, $value2 = "New Value 2";, $id = 1;: Assigns specific values to the parameters.

  7. Execute the statement:

    • if ($stmt->execute()): Executes the statement and checks the result.

  8. Close connection:

    • $stmt->close();, $conn->close();: Closes the Prepared Statement and database connection.

PHP Version:

This code can run on PHP versions from 5.0 and above and requires the MySQLi extension.

Related

How to Automatically Generate a Table of Contents for Articles Using PHP

This article guides you on how to automatically create a table of contents for your articles using PHP, utilizing the `DOMDocument` class to parse HTML and build a structured table of contents with headers.
How to Write Data to an Excel File Using PHP

A detailed guide on how to write data to an Excel file using PHP with the help of the PHPExcel library or the more modern PhpSpreadsheet library.
How to send JSON POST request with PHP

A guide on how to use PHP to send a POST request with JSON data using cURL. The article includes a runnable PHP example along with detailed explanations.
Get the last character of a string in PHP

Guide on how to use PHP to get the last character of a string. This PHP code helps in easily retrieving the final character of a text string in string manipulation operations.
Example of Object-Oriented Programming (OOP) in PHP

A guide with a basic example of Object-Oriented Programming (OOP) in PHP, explaining how to use classes and objects to structure code using OOP principles.
Add watermark to image using PHP

A guide on how to add a watermark to an image using PHP with the GD library. This PHP script allows adding text or image watermark on top of the original image.
Creating a Simple Chat Application Using Socket.IO in PHP

A step-by-step guide to creating a simple chat application using Socket.IO in PHP, helping you understand how to utilize WebSocket for real-time communication.
How to use the str_pad() function in PHP

A detailed guide on how to use the `str_pad()` function in PHP to pad strings with different characters to a specified length. The article introduces various common uses of this function in programming.
Create image thumbnail with PHP

A guide on how to create an image thumbnail with PHP using the GD library. This PHP code helps resize an original image to a custom thumbnail size.
Guide to reading Excel files in PHP

A comprehensive guide on how to read content from Excel files (.xlsx, .xls) using PHP, utilizing the PHPExcel library, including installation and implementation steps.
main.add_cart_success
main.view_cart_and_checkout