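<?php
/*
instantiate our class, and select our database automatically.
the credentials below are tutorial placeholders; in a real application
load them from configuration that is kept out of the source tree.
*/
$sql = new mysqli('localhost', 'user', 'password', 'database');
if ($sql->connect_errno) {
    /* keep the message generic: driver error text can reveal host and user names */
    exit('Database connection failed.');
}

/*
let's assume we've just received a form submission.
we take the values exactly as submitted and do NOT escape them by hand:
bound parameters travel separately from the SQL text, so they cannot change
the statement, and manual escaping would store the extra backslashes.
missing fields fall back to an empty value instead of raising a notice.
*/
$name = $_POST['name'] ?? '';
$age = $_POST['age'] ?? 0;
$email = $_POST['email'] ?? '';

/*
build the query, we'll use an insert this time.
placeholders are bare ? marks. a quoted '?' is an ordinary string literal,
not a parameter, so the statement would have zero parameters and
bind_param() would fail on the count mismatch.
*/
$query = $sql->prepare('INSERT INTO `tablename` VALUES (?, ?, ?)');
if ($query === false) {
    exit('Could not prepare the statement.');
}

/*
bind your parameters to your query
in our case, string integer string.
the "i" type makes the driver cast $age to an integer; it does not
validate it, so range or format checks belong before this point.
*/
$query->bind_param('sis', $name, $age, $email);

/* execute the query, and check that it actually succeeded */
if (!$query->execute()) {
    exit('Could not save the submission.');
}

/* release the statement and the connection once we are done */
$query->close();
$sql->close();
?>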
