What is parameterized query?

by

A parameterized query (also known as a prepared statement) is a means of pre-compiling a SQL statement so that all you need to supply are the “parameters” (think “variables”) that need to be inserted into the statement for it to be executed. It’s commonly used as a means of preventing SQL injection attacks.

You can read more about these on PHP’s PDO page (PDO being a database abstraction layer), although you can also make use of them if you’re using the mysqli database interface (see the prepare documentation).

More Related Contents:

  1. to delete 14 row by 1 click
  2. You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘WHERE `id` [closed]
  3. how to get client’s IP address in sql database [closed]
  4. Combine multiple sql / mysql queries in one query
  5. PHP Parse Error – Creating a PHP script to verify user and pass [duplicate]
  6. Cleansing User Passwords
  7. Commands out of sync; you can’t run this command now
  8. Best way to get result count before LIMIT was applied
  9. Get table column names in MySQL?
  10. How to resolve ambiguous column names when retrieving results?
  11. Loading .sql files from within PHP
  12. How to insert multiple rows from a single query using eloquent/fluent
  13. Best way to defend against mysql injection and cross site scripting
  14. Use bound parameter multiple times
  15. MySQL “NOT IN” query 3 tables
  16. PHP: multiple SQL queries in one mysql_query statement
  17. Laravel Eloquent, group by month/year
  18. Is htmlspecialchars enough to prevent an SQL injection on a variable enclosed in single quotes?
  19. Why does this return Resource id #2? [duplicate]
  20. Fatal error: Uncaught exception ‘mysqli_sql_exception’ with message ‘No index used in query/prepared statement’
  21. How to generate unique id in MySQL?
  22. Pass array literal to PostgreSQL function
  23. How to SELECT DEFAULT value of a field
  24. I’m getting this error code: Invalid argument supplied for foreach() [duplicate]
  25. looping a SQL insert statement with dates
  26. Display an array in a readable/hierarchical format [duplicate]
  27. SELECT row by DATEPART()
  28. UNION syntax in Cakephp
  29. How do i search from serialize field in mysql database?
  30. PDO Exception Questions – How to Catch Them

Leave a Comment