using bind_param with mysqli_query

Question

I want bind input from user befor add data to database , I wrote this code but I don't know how I complete it

$con=mysqli_connect('localhost', 'root', '', 'user');
$con->set_charset("utf8");
$result = mysqli_query($con,("INSERT INTO users(name, email, user_phone_number, password) VALUES (?,?,?,?)");

user input $name , $email , $user_phone_number , $password this pramter I don't want add directly to my database for that I used ????

in PDO I use bindValue but here what I should do ?

Do spend the time to go through the manual first http://php.net/manual/en/mysqli.quickstart.prepared-statements.php - There also isn't enough code in your question to support it. — Funk Forty Niner, Aug 12 '16 at 13:55

score 2 · Accepted Answer · edited Oct 01 '17 at 15:32

2

You don't use mysqli_query() with prepared statements, you use mysqli_prepare().

$stmt = mysqli_prepare($con, "INSERT INTO users(name, email, user_phone_number, password) VALUES (?,?,?,?)");
mysqli_stmt_bind_param($stmt, "ssss", $name, $email, $user_phone_number, $password);
$result = mysqli_stmt_execute($stmt);

edited Oct 01 '17 at 15:32

Nisse Engström

4,636
22
26
40

answered Aug 12 '16 at 14:46

Barmar

669,327
51
454
560

using bind_param with mysqli_query

1 Answers1

Linked