Oct
06
INSERT a record using a prepared statement:
<?php $db = new mysqli("localhost", "db_username", "db_password", "db_name"); if (mysqli_connect_errno()) { die("Connect failed: " . mysqli_connect_error()); } // some relatively simple SQL // ...insert a user record $username = "dcking"; $password = "gu3ssth1sandwin5buck$"; $sql = "INSERT user (username, SHA1(password)) VALUES (?, ?)"; if ($stmt = $db->prepare($sql)) { $stmt->bind_param("ss", $username, $password); $stmt->execute(); echo "Number of user records inserted: " . $stmt->affected_rows; // clean up your mess! $stmt->close(); } else { die("Could not prepare SQL statement: $sql"); } $mysqli->close(); ?>
See also: MySQLI SELECT, MySQLI UPDATE, MySQLI DELETE, MySQLI Multi Query and Pagination