(PHP 5, PHP 7, PHP 8)
mysqli::prepare -- mysqli_prepare — Prepares an SQL statement for execution
Object-oriented style
Procedural style
Prepares the SQL query, and returns a statement handle to be used for further operations on the statement. The query must consist of a single SQL statement.
The statement template can contain zero or more question mark (?) parameter markers, also called placeholders.
The parameter markers must be bound to application variables using mysqli_stmt_bind_param() before executing the statement.
mysql
Procedural style only: A mysqli object returned by mysqli_connect() or mysqli_init()
query
The query, as a string. It must consist of a single SQL statement.
The SQL statement may contain zero or more parameter markers represented by question mark (?) characters at the appropriate positions.
Note:
The markers are legal only in certain places in SQL statements. For example, they are permitted in the VALUES() list of an INSERT statement (to specify column values for a row), or in a comparison with a column in a WHERE clause to specify a comparison value. However, they are not permitted for identifiers (such as table or column names).
mysqli_prepare() returns a statement object or false if an error occurred.
If mysqli error reporting is enabled (MYSQLI_REPORT_ERROR) and the requested operation fails, a warning is generated. If, in addition, the mode is set to MYSQLI_REPORT_STRICT, a mysqli_sql_exception is thrown instead.
Example #1 mysqli::prepare() example
Object-oriented style
<?php
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$mysqli = new mysqli("localhost", "my_user", "my_password", "world");
$city = "Amersfoort";
/* create a prepared statement */
$stmt = $mysqli->prepare("SELECT District FROM City WHERE Name=?");
/* bind parameters for markers */
$stmt->bind_param("s", $city);
/* execute query */
$stmt->execute();
/* bind result variables */
$stmt->bind_result($district);
/* fetch value */
$stmt->fetch();
printf("%s is in district %s\n", $city, $district);
Procedural style
<?php
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$link = mysqli_connect("localhost", "my_user", "my_password", "world");
$city = "Amersfoort";
/* create a prepared statement */
$stmt = mysqli_prepare($link, "SELECT District FROM City WHERE Name=?");
/* bind parameters for markers */
mysqli_stmt_bind_param($stmt, "s", $city);
/* execute query */
mysqli_stmt_execute($stmt);
/* bind result variables */
mysqli_stmt_bind_result($stmt, $district);
/* fetch value */
mysqli_stmt_fetch($stmt);
printf("%s is in district %s\n", $city, $district);
The above examples will output:
Amersfoort is in district Utrecht
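The note above says markers are not permitted for identifiers, so a caller-chosen sort column cannot be bound with ?. The following is an added example, not part of the original manual page: it takes the identifier from a fixed allowlist and binds only the comparison value. The helper names city_sort_column() and cities_in_country() are hypothetical, and the CountryCode and Population columns are assumed from the "world" sample database used in the examples above.

```php
<?php
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/* Hypothetical helper: map a caller-supplied sort key to a fixed column name.
   Identifiers cannot be bound with ?, so they are taken from an allowlist
   and the caller's string itself never reaches the SQL text. */
function city_sort_column(string $requested): string
{
    /* column names assumed from the "world" sample database */
    $allowed = [
        "name"       => "Name",
        "district"   => "District",
        "population" => "Population",
    ];
    $key = strtolower(trim($requested));
    if (!isset($allowed[$key])) {
        throw new InvalidArgumentException("Unsupported sort column");
    }
    return $allowed[$key];
}

/* Hypothetical helper: the value is bound, the identifier is allowlisted */
function cities_in_country(mysqli $mysqli, string $countryCode, string $sort): array
{
    $column = city_sort_column($sort);
    $stmt = $mysqli->prepare(
        "SELECT Name, District FROM City WHERE CountryCode=? ORDER BY `$column`"
    );
    $stmt->bind_param("s", $countryCode);
    $stmt->execute();
    $stmt->bind_result($name, $district);
    $rows = [];
    while ($stmt->fetch()) {
        $rows[] = [$name, $district];
    }
    $stmt->close();
    return $rows;
}

$mysqli = new mysqli("localhost", "my_user", "my_password", "world");
foreach (cities_in_country($mysqli, "NLD", "district") as $row) {
    printf("%s is in district %s\n", $row[0], $row[1]);
}
try {
    /* constructed input that is not on the allowlist */
    cities_in_country($mysqli, "NLD", "not_a_column");
} catch (InvalidArgumentException $e) {
    printf("Rejected: %s\n", $e->getMessage());
}
```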