40: What are Prepared Statements and how to use them | PHP tutorial | Learn PHP programming

Today we will learn how to connect to our database using Prepared Statements, which is also a better method of preventing SQL injection. The basic idea behind Prepared Statements is to create placeholders in our SQL statements when we send them to our database. Later, we fill in the placeholders with the parameters that the user sends from a form.
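
The placeholder-then-bind flow described above, as an added example that is not part of the original lesson material: the same form value is run through a concatenated query and through a prepared one. The connection details, the `demo_users` table and both function names are assumptions made for illustration.

```php
<?php
// Added example; connection details and the demo_users table are assumptions.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // failures throw
$conn = mysqli_connect('localhost', 'demo_user', 'demo_pass', 'demo_db');

// Constructed sample data, kept in a temporary table so reruns start clean.
mysqli_query($conn, "CREATE TEMPORARY TABLE demo_users (
    user_uid VARCHAR(64) NOT NULL,
    user_email VARCHAR(128) NOT NULL)");
mysqli_query($conn, "INSERT INTO demo_users VALUES
    ('admin', 'admin@example.com'), ('daniel', 'daniel@example.com')");

// Weak form, for contrast: the form value is pasted into the SQL text,
// so quotes inside it are parsed as SQL syntax.
function findUserConcatenated(mysqli $conn, string $uid): array
{
    $sql = "SELECT user_uid, user_email FROM demo_users WHERE user_uid = '$uid'";
    $result = mysqli_query($conn, $sql);
    $rows = [];
    while ($row = mysqli_fetch_assoc($result)) {
        $rows[] = $row;
    }
    return $rows;
}

// Prepared form: the SQL with a ? placeholder is sent first, the value is
// bound afterwards and is only ever compared as a string.
function findUserPrepared(mysqli $conn, string $uid): array
{
    $sql = "SELECT user_uid, user_email FROM demo_users WHERE user_uid = ?";
    $stmt = mysqli_stmt_init($conn);
    mysqli_stmt_prepare($stmt, $sql);
    mysqli_stmt_bind_param($stmt, 's', $uid);      // 's' = one string parameter
    mysqli_stmt_execute($stmt);
    // bind_result/fetch is used because mysqli_stmt_get_result() needs mysqlnd.
    mysqli_stmt_bind_result($stmt, $foundUid, $foundEmail);
    $rows = [];
    while (mysqli_stmt_fetch($stmt)) {
        $rows[] = ['user_uid' => $foundUid, 'user_email' => $foundEmail];
    }
    mysqli_stmt_close($stmt);
    return $rows;
}

$input = "nobody' OR '1'='1"; // constructed form value containing quotes
printf("concatenated: %d row(s)\n", count(findUserConcatenated($conn, $input)));
printf("prepared:     %d row(s)\n", count(findUserPrepared($conn, $input)));
printf("prepared, uid 'daniel': %d row(s)\n", count(findUserPrepared($conn, 'daniel')));
```

Running it needs a reachable MySQL server and an account that is allowed to create temporary tables.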


First of all, thank you for all the support you have given me!

I am really glad to have such an awesome community on my channel. It motivates me to continue creating and uploading content! So thank you!

I am now using Patreon to share improved and updated lesson material, and for a small fee you can access all the material. I have worked hard, and done my best to help you understand what I teach.

I hope you will find it helpful 🙂

Material for this lesson: https://www.patreon.com/posts/php-40-download-15654449


Surin Farmwest says:

Daniel, once again, many thanks. With the updated videos the fog has dissipated and I can clearly see what you are doing now.

Hardcorebandit Gaming says:

hi I'm subbed since 13k, I joined your notification squad <3

Jordan-James Olivo says:

i got an error.
it said:
Warning: mysqli_stmt_execute() expects exactly 1 parameter, 0 given

Please help me :(….

Teody Girado says:

hi i just want to request if u could do cake php tuts 🙂 thank u

Ronel M. Dacillo says:

Great Lesson! Can you give some tutorials in Adobe Photoshop and Illustrator?

Max Price says:

What happened to tutorial #41 and #42? I can't seem to find them

Aravind Sanjeev says:

Can you make a video explaining when to use Procedure oriented programming and when to use OOP? Thanks.

adam hardy says:

Thanks very much for this. One question: what is the drawback of not using mysqli_stmt_init()? The code will work without it, but why exactly do we need it?

Ivan says:

thank you very much, I couldn't find any site about this topic and your tutorial has helped me

César Nontol says:

why do you ‘prepare’ a prepared statement? lol

J auer says:

Why, when you're saying "is equal to" in the code, is there only one = sign? ($row = mysqli_fetch_assoc etc.)

Robb hi says:

Great videos, but isn't PDO:: starting to get more common than MySQLi?

Karolis Sereika says:

Hi mmtuts. Could you make a video showing how to make comment reply system? Cant find the tutorial.. I am trying to build a blog by myself and its hard for a php beginner so i think a lot of learners would love to see how to make reply system.

Milan :D says:

I've noticed that the password test123 is not encrypted like the previous one? Does it have something to do with prepared statements or not?

Marshal Hembram says:

I want to add alert function instead of header function
Please help 🙂

kaushik ramanth says:

What happened to tutorial #41 and #42? I can't seem to find them

christian paul napalit says:

hi sir can give some tutorial on how to edit a frontend design using backend thanks 🙂 🙂

Sunny Dindoyal says:

where are lessons 41 and 42?

Sunny Dindoyal says:

is the mysqli_stmt_prepare() actually being executed? or is it only checking for failure?

darro van Lier says:

Bro, you really need to start using php pdo. mysqli is way too outdated.

Pak Home says:

sir u are genius, please upload part 41 & 42.

Nicolay says:

Great lesson!

fixurup says:

When I run $checkit = function_exists('mysqli_stmt_get_result'); it returns a 0 which means it doesn't exist. How can all of the others exist/work and this one be missing?

mysqli_stmt_init() – works
mysqli_stmt_bind_param() — works
mysqli_stmt_execute() — works
mysqli_fetch_assoc() — works

Programming Programmer says:

what's safer, prepared statements or mysql_real_escape_string???

Mujahid Sac says:

Need some help please. I tried editing the source code, creating a page inserting questions into a new table within the same db, but it just doesn't update the database. No errors pop up either.

Rundll32 says:

if you had an UI on the col usernames then you don’t have to use the while loop , as there is only one possible outcome

Mujahid Sac says:

Love this! Great lesson. Could you do a tutorial on how to use mysqli_multi_query for inserting data into multiple tables simultaneously? I have been trying to figure it out and looking up all sorts of resources with no success as of yet.
