We will implement various prepared statement examples.
- code 1: Let’s make a ‘register module’ where we will insert a username (email) and password using a prepared statement.
File – insert.html
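<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <title>insert record</title>
</head>
<body>
  <!-- Registration form: posts the fields emailid and pass to insert.php,
       which stores them with a prepared statement. Field names must stay
       in sync with $_POST['emailid'] / $_POST['pass'] in insert.php. -->
  <h1>Enter emailid(username) &amp;&amp; password for registration…</h1>
  <form action="insert.php" method="post">
    <!-- Each control has a real <label> linked by for/id so it is announced
         by assistive technology; the deprecated <font> wrappers are gone. -->
    <p>
      <label for="emailid">Email</label>
      <br>
      <input id="emailid" name="emailid" type="email" autocomplete="email" required>
    </p>
    <p>
      <label for="pass">Password</label>
      <br>
      <input id="pass" name="pass" type="password" autocomplete="new-password" required>
    </p>
    <p>
      <button type="submit">submit</button>
    </p>
  </form>
</body>
</html>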

File – insert.php
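<?php
// Registration handler for insert.html: stores the submitted email
// (username) and password in table `register` using a prepared statement.
//
// NOTE(review): the connection uses the MySQL root account with an empty
// password, as in the original tutorial; use a dedicated low-privilege
// account for anything beyond a local demo.
$conn = mysqli_connect('localhost', 'root', '', 'prepared');
if (!$conn) {
    // Nothing below can work without a connection, so stop here instead of
    // printing a message and then failing again inside mysqli_prepare().
    die("plz check your connection! 🙁 ");
}
echo "connection successfully created!";

// Only proceed when the form actually supplied both fields.
if (!isset($_POST['emailid'], $_POST['pass'])) {
    die("query not executed!");
}
$user = $_POST['emailid'];
// Never store the raw password. password_hash() returns a salted hash that
// password_verify() can check at login time. The `passd` column must be
// wide enough for the hash output (255 characters is safe) — confirm schema.
$passd = password_hash($_POST['pass'], PASSWORD_DEFAULT);

// ? = anonymous placeholder. Bound values travel to the server separately
// from the SQL text, so they can never be parsed as SQL. Do NOT also run
// mysqli_real_escape_string() on bound values: that double-escapes the data
// and stores literal backslashes (e.g. for an address such as o'brien@…).
$sql   = "INSERT INTO register(id,username,passd) VALUES(NULL,?,?)";
$query = mysqli_prepare($conn, $sql);
// If preparing failed (bad SQL, missing table) report it and do nothing else.
if (!$query) {
    echo "query not executed!";
} else {
    // 'ss' = two string parameters; variables are bound by reference.
    mysqli_stmt_bind_param($query, 'ss', $user, $passd);
    // Report success only after the statement has actually executed.
    if (mysqli_stmt_execute($query)) {
        echo "<br><br> your query executed!";
        $n = mysqli_stmt_affected_rows($query);
        echo "<br><br> your affected rows " . $n;
    } else {
        echo "query not executed!";
    }
    mysqli_stmt_close($query);
}
mysqli_close($conn);
?>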

- code 2: Let’s make an ‘employee register module’ where we will insert an employee’s name, age, salary and profile image using a prepared statement.
File – file.html
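<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <title>insert data</title>
</head>
<body>
  <!-- Employee form: posts fname, age, sal, img_file and submit to file.php.
       enctype="multipart/form-data" is required for the file field, and
       the field names must stay in sync with the $_POST / $_FILES keys
       read by file.php. -->
  <h1>Enter details…</h1>
  <form action="file.php" method="post" enctype="multipart/form-data">
    <p>
      <label for="fname">Name</label>
      <br>
      <input id="fname" name="fname" type="text" autocomplete="name" required>
    </p>
    <p>
      <label for="age">Age</label>
      <br>
      <!-- Numeric types give a numeric keyboard and native range checks;
           the server still casts/validates, as the client can send anything. -->
      <input id="age" name="age" type="number" inputmode="numeric" min="0" step="1" required>
    </p>
    <p>
      <label for="sal">Salary</label>
      <br>
      <input id="sal" name="sal" type="number" inputmode="decimal" min="0" step="any" required>
    </p>
    <p>
      <label for="img_file">Profile(.jpg)</label>
      <br>
      <!-- accept is only a file-picker filter; file.php must verify the
           uploaded content itself. -->
      <input id="img_file" name="img_file" type="file" class="form-control" accept=".jpg,image/jpeg" required>
    </p>
    <p>
      <!-- name="submit" is kept because file.php checks isset($_POST['submit']). -->
      <button type="submit" name="submit" value="submit">submit</button>
    </p>
  </form>
</body>
</html>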

File – file.php
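<?php
// Employee registration handler for file.html: stores name, age, salary and
// the profile image file name in `table2` with a prepared statement, then
// saves the uploaded JPEG under ./jpg/.
//
// The original error_reporting(0) was removed: silencing every error hides
// failed uploads and failed queries. Configure display_errors / log_errors
// in php.ini instead.
//
// NOTE(review): root account with an empty password, as in the tutorial —
// use a dedicated low-privilege account outside a local demo.
$conn = mysqli_connect('localhost', 'root', '', 'prepared');
if (!$conn) {
    die("database not connected!");
}

if (isset($_POST['submit'])) {
    // $_FILES['img_file']['name'] is set even when no file was chosen, so
    // the upload status code is the reliable check.
    if (!isset($_FILES['img_file']['error']) || $_FILES['img_file']['error'] !== UPLOAD_ERR_OK) {
        die("<br><br> record not updated!!");
    }
    $file_tmp = $_FILES['img_file']['tmp_name'];

    // The client-supplied file name is untrusted: it may contain path
    // separators or a non-image extension, which would let an upload land
    // outside ./jpg/ or place executable code inside the web root. Verify
    // the content is really a JPEG and generate a server-side name with a
    // fixed extension instead of reusing the client's name.
    $info = is_uploaded_file($file_tmp) ? getimagesize($file_tmp) : false;
    if ($info === false || $info[2] !== IMAGETYPE_JPEG) {
        die("<br><br> record not updated!!");
    }
    $file_name = bin2hex(random_bytes(16)) . '.jpg'; // random_bytes(): PHP >= 7.0

    // Values bound with 'sid' must carry the declared types: cast age and
    // salary rather than escaping them. mysqli_real_escape_string() is for
    // string-built SQL and must not be applied to bound parameters (it would
    // store literal backslashes).
    $name = isset($_POST['fname']) ? $_POST['fname'] : '';
    $age  = isset($_POST['age']) ? (int) $_POST['age'] : 0;
    $sal  = isset($_POST['sal']) ? (float) $_POST['sal'] : 0.0;

    // Prepared statement. Storing the image name in the same INSERT removes
    // the original follow-up SELECT (which matched on name/age/salary and
    // could return a different employee's row) and the string-built UPDATE
    // that interpolated the raw file name into SQL.
    $sql   = "INSERT INTO `table2` (`enrollno`, `fname`, `age`, `sal`, `profileimg`) VALUES (NULL,?,?,?,?)";
    $query = mysqli_prepare($conn, $sql);
    if (!$query) {
        die("<br><br> record not updated!!");
    }
    mysqli_stmt_bind_param($query, 'sids', $name, $age, $sal, $file_name);
    if (!mysqli_stmt_execute($query)) {
        mysqli_stmt_close($query);
        die("<br><br> record not updated!!");
    }
    mysqli_stmt_close($query);
    echo "<br><br> record updated!";

    // Move the upload only after the row exists, so a database failure
    // leaves no orphaned file. NOTE(review): ./jpg/ sits inside the web
    // root in this layout; a directory the web server serves as static
    // files only (no script execution) is the safer place for uploads.
    if (move_uploaded_file($file_tmp, "./jpg/" . $file_name)) {
        echo "<br><br> image updated!";
    }
}
mysqli_close($conn);
?>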

File – phpmyadmin before

File – phpmyadmin before
