$resultSpendStmt = $connection->prepare(...);
$array->bind_param("sdidi", $A, $B, $C, $D, $E);
$array->execute();
$array->store_result();
$array->bind_result($F, $G, $H, $I, $J, $K);
I am still a little unsure what bind_param does. Can someone give me an example as to what is means?
When you prepare an SQL statement, you can insert a placeholder (
?
) where a column value would go, then usebind_param()
to safely substitute that placeholder for the real column's value. This prevents any possibility of an SQL injection.You can read more about bind_param() here.