Week 12 - PHP & MySQL Part 3 Flashcards
mysqli_prepare()
- It first prepares a template of the SQL query, using ? placeholders where the values will go.
- The prepared statement is then stored without being executed.
- The ? placeholders are later substituted with the values that the user has entered.
mysqli_bind_param()
Used to bind variables to a prepared statement.
What are SQL injections and how can they be prevented?
SQL injection is a code injection technique that can destroy your database by putting malicious code into form inputs.
A way to reduce these injections is to use mysqli_prepare() together with mysqli_bind_param().
What are methods for “bulletproofing” errors?
- The error control operator @ is used to suppress any errors which may show up. It’s used in this way: @mysqli_connect()
- Checking submitted form data with isset()
- Using form validation.
die() and exit()
These statements terminate the PHP script, meaning that the code stops running at the point where they are called/written.
What’s the difference between mysqli_connect_error() & mysqli_connect_error(connection)?
The first will give the error string from the last database connection attempt, whereas the second shows the error string from the last SQL query attempt.
Both will give an empty string if there are no errors.
What’s the difference between mysqli_connect_errno() & mysqli_connect_errno(connection)?
The first will give the error number from the last database connection attempt, whereas the second shows the error number from the last SQL query attempt.
Both will return 0 if there are no errors.