Prepared statements make total sense, except the example in the book does not include a while loop. See my comparison below; I assume they would be very similar.
In regular queries we use:
$q = "SELECT user_id FROM users WHERE user_id = '$id'";
$r = @mysqli_query($dbc, $q);
while ($row = mysqli_fetch_array($r, MYSQLI_ASSOC)) {
    // print out array
}
But in prepared statements would it be like so?
$q = "SELECT user_id FROM users WHERE user_id = ?";
// Prepare the statement
$stmt = mysqli_prepare($dbc, $q);
mysqli_stmt_execute($stmt);
while ($row = mysqli_fetch_array($r, MYSQLI_ASSOC)) {
    // print out array
}
** I'm assuming the while loop goes after the mysqli execution.
Is this correct?
Thanks,
Mark
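For comparison with the two snippets in the post, here is an added example (not from the post or the book) of a prepared SELECT with the bind step and both common fetch loops. The connection values, the sample `$id` source, and the assumption that `user_id` is an integer column are placeholders chosen for illustration.

```php
<?php
// Added example. Credentials and database name below are placeholders.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // exceptions instead of @-suppression
$dbc = mysqli_connect('localhost', 'db_user', 'db_password', 'db_name');

// Constructed sample input; treat it as untrusted.
$id = (int) ($_GET['id'] ?? 1);

$q = "SELECT user_id FROM users WHERE user_id = ?";

// --- Option A: bind output variables, loop with mysqli_stmt_fetch() ---
$stmt = mysqli_prepare($dbc, $q);
// 'i' = integer (assumed column type). The value is sent separately from
// the SQL text, so it cannot alter the structure of the query.
mysqli_stmt_bind_param($stmt, 'i', $id);
mysqli_stmt_execute($stmt);
mysqli_stmt_bind_result($stmt, $user_id); // one variable per selected column
while (mysqli_stmt_fetch($stmt)) {
    // Escape on output; parameter binding only protects the query itself.
    echo htmlspecialchars((string) $user_id, ENT_QUOTES, 'UTF-8'), "<br>\n";
}
mysqli_stmt_close($stmt);

// --- Option B: get a result set, loop as with mysqli_query() ---
// mysqli_stmt_get_result() requires the mysqlnd driver.
$stmt = mysqli_prepare($dbc, $q);
mysqli_stmt_bind_param($stmt, 'i', $id);
mysqli_stmt_execute($stmt);
$r = mysqli_stmt_get_result($stmt);
while ($row = mysqli_fetch_array($r, MYSQLI_ASSOC)) {
    echo htmlspecialchars((string) $row['user_id'], ENT_QUOTES, 'UTF-8'), "<br>\n";
}
mysqli_free_result($r);
mysqli_stmt_close($stmt);

mysqli_close($dbc);
```

In both options the loop comes after `mysqli_stmt_execute()`, and the `?` placeholder must be bound with `mysqli_stmt_bind_param()` before executing.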