the mysqli
extension provides several functions to write or set a value in a MySQL database:
mysqli_query()
– executes an SQL query on the database, including INSERT, UPDATE, DELETE, and other statements. For example, you can usemysqli_query()
to insert a new row into a table:
mysqli_query($connection, "INSERT INTO mytable (column1, column2) VALUES ('value1', 'value2')");
mysqli_prepare()
– prepares an SQL statement for execution, including INSERT, UPDATE, DELETE, and other statements. This function is useful when you need to execute the same SQL statement multiple times with different values. You can use placeholders in the SQL statement and bind parameters to them later. For example:
$stmt = mysqli_prepare($connection, "INSERT INTO mytable (column1, column2) VALUES (?, ?)");
mysqli_stmt_bind_param($stmt, "ss", $value1, $value2);
$value1 = "value1";
$value2 = "value2";
mysqli_stmt_execute($stmt);
mysqli_stmt_bind_param()
– binds parameters to a prepared statement. This function is used withmysqli_prepare()
to bind values to placeholders in an SQL statement. The first parameter specifies the data types of the parameters, and the subsequent parameters are the values to bind. For example:
$stmt = mysqli_prepare($connection, "UPDATE mytable SET column1=? WHERE id=?");
mysqli_stmt_bind_param($stmt, "si", $value1, $id);
$value1 = "new value";
$id = 123;
mysqli_stmt_execute($stmt);
mysqli_real_escape_string()
– escapes special characters in a string to be used in an SQL statement. This function is useful to prevent SQL injection attacks. For example:
$value = mysqli_real_escape_string($connection, $unescaped_value);
mysqli_query($connection, "INSERT INTO mytable (column1) VALUES ('$value')");
These are just a few examples of the many mysqli
functions available for writing or setting values in a MySQL database.