UltraMega Blog

Using MySQL Prepared Statements in PHP

Prepared statements in MySQL are an alternative to writing raw SQL code to execute. Instead, you write a statement with placeholders (?) where you want variable to go, then attach variables to those placeholders.

A prepared statement is basically a template that can be reused with different variables. There are some benefits and drawbacks to prepared statements that should be considered:


  • Prevents SQL injection without needing to escape data
  • Allows you to repeat the same statement without the overhead of parsing the SQL
  • Allows you to send raw binary data in packets
  • Creates code that is easier to read by separating SQL logic from data


  • Slower for one time queries since it requires two requests from the MySQL server
  • Placeholders can only be used for values and not table/column names

Conclusion: I'd say prepared statements win due to security benefits alone

PHP supports MySQL prepared statements using the Mysqli (MySQL Improved) extension in PHP 5 via the MySQLi_STMT class. They are fairly easy to use once you get used to the differences from writing raw SQL statements. This tutorial will explain how to use prepared statements.


Modifying Templates Using DOMDocument In PHP

In the previous post, Generating HTML5 Documents Using DOMDocument In PHP, we explored the PHP DOMDocument class by generating an HTML5 page completely within PHP. Now, we'll look at a more practical application that involves modifying an existing template. The template gives us a good starting point so we can focus on generating only the dynamic parts of the page.

Tagged as: , , Continue reading

Generating HTML5 Documents Using DOMDocument In PHP

PHP 5 includes a powerful set of DOM manipulation classes that gives you full control over HTML and XML documents. This functionality behaves very similar to JavaScript's DOM manipulation engine. In this tutorial, we'll explore the DOMDocument class by generating an entire HTML5 page without writing a single bit of raw markup. This may not be practical for most applications, but it should give you a good idea of how the basic DOMDocument methods work.

Tagged as: , , Continue reading