I've just completed my first prepared statement, having converted to using them for security reasons. I've tested it and it works; however, I am looking for feedback (constructive criticism welcomed) regarding the code itself, although I understand it's fairly basic. Here's the code:
//prepared statement example
$query = "SELECT ID FROM users WHERE email = ?";
$email = 'email@example.com';
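$statement = mysqli_stmt_init($connect); // $connect: an already-open mysqli connection
mysqli_stmt_prepare($statement, $query); // send the query text with its ? placeholder to the server
mysqli_stmt_bind_param($statement, 's', $email); // 's' = bind $email as a string
mysqli_stmt_execute($statement); // run the statement with the bound value
mysqli_stmt_bind_result($statement, $id); // the ID column is written to $id
mysqli_stmt_fetch($statement); // fetch the first matching row, if any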
Also, is using mysqli_stmt_close necessary? Am I correct in saying that without using this function I will not be able to create another prepared statement within that script? - because I have tried the latter and it wouldn't work unless I did close the statement.