[SOLVED] need help with prepared statements

[darkfreaks]

this is my first time working with mysqli prepared statements i do not fully understand how the bind param works.

is the following correct ???

WHERE username= ? AND field2= ?

$statement->bind_param("s", $username);
$statement->bind_param("s", $password);
$statement->execute();

 

 

 

 

[MadTechie]

Okay lets assume username is a string and Field2 is a int

 

<?php

//setup
$test1 = $mysqli->prepare("SELECT * from table WHERE username= ? AND field2= ?");
$test1->bind_param('sd', $username, $field2);
//Note the sd thats string then digit
//the username is the string and first ?
//the field2 is the digit and second ?

//to execute.
$code = 'MadTechie';
$field2 = 5;
$test1->execute();

//results
printf("%d Row inserted.\n", $test1->affected_rows);
?>

[darkfreaks]

so woud i end up doing bind param 'SS' $username, $password ???

[MadTechie]

if you mean like this

//setup
$test1 = $mysqli->prepare("SELECT * from table WHERE username= ? AND password= ?");
$test1->bind_param('ss', $username, $pass);
//to execute.
$code = 'MadTechie';
$pass = 'YeahRight';
$test1->execute();

then yes