Creating a prepared statement in PHP

Question

I wanted to write a PHP script in which i had to execute INSERT query in MySQL database using prepared statement.

As i am a beginner in PHP , i had no idea how to do it. so I looked it up on Stackoverflow and found this How to create a secure mysql prepared statement in php? .

So i started doing it in same way as done in the accepted answer BUT in the answer, there are some methods used, like

1. prepare to prepare the SELECT query

2. bind_param to bind parameters to query

3. close to close to $stmt

which are not suggested to me by Visual Studio Code when i try to use them. Also when i use these methods and hover the pointer over them, no documentation is shown by the Visual Studio Code which made me think whether these methods are available anymore or not.

Instead of prepare method, Visual Studio Code suggests odbc_prepare , instead of bind_param , it suggests mysqli_bind_param and instead of close , it suggests odbc_close .

I am using PHP 7.2

Question: Are methods like prepare , close , bind_param not available in PHP 7 and can i use the ones suggested to me by Visual Studio Code in place of these methods ?

Answer 1

Those function are not a standalone functions. They are methods of PDO objects. To learn more about PDO check this tutorial: PDO Tutorial

$pdo = new PDO();
$stmt = $pdo->prepare('SELECT * FROM users WHERE email = :email AND status=:status');
$stmt->execute(['email' => $email, 'status' => $status]);
$user = $stmt->fetch();

Answer 2

You can only use these functions without an mysqli object in the procedural style with the mysqli_ prefix.

The object-orinted style is usually preferred however.

PHP.net has a comparison of the two approches .