bindParam() Hold Five Parameter. PDO bindParam() Use For Prevent Sql Injection And Safe From Malware Hacker Attacker.

first parameter placeholder secend value third value type 4th value length And 5th Is Driver Option. Below The Example. Returns TRUE on success or FALSE on failure.

Example #1 Execute a prepared statement with named placeholders

<?php
/* Execute a prepared statement by binding PHP variables */
$calories = 150;
$colour = 'red';
$sth = $dbh->prepare('SELECT name, colour, calories
    FROM fruit
    WHERE calories < :calories AND colour = :colour');
$sth->bindParam(':calories', $calories, PDO::PARAM_INT);
$sth->bindParam(':colour', $colour, PDO::PARAM_STR, 12);
$sth->execute();
?>

Example #2 Execute a prepared statement with question mark placeholders

<?php
/* Execute a prepared statement by binding PHP variables */
$calories = 150;
$colour = 'red';
$sth = $dbh->prepare('SELECT name, colour, calories
    FROM fruit
    WHERE calories < ? AND colour = ?');
$sth->bindParam(1, $calories, PDO::PARAM_INT);
$sth->bindParam(2, $colour, PDO::PARAM_STR, 12);
$sth->execute();
?>

Example #3

        $sql = "INSERT INTO USER (name,email,password,created) VALUES (?,?,?,NOW())";
        $stmt = $this->conn->prepare($sql);
        $stmt->bindParam(1,$name,PDO::PARAM_STR,25);// first parameter placeholder secend value third value type 4th value length
        $stmt->bindParam(2,$email,PDO::PARAM_STR,12);// first parameter placeholder secend value third value type 4th value length
        $stmt->bindParam(3,$password,PDO::PARAM_STR,12);// first parameter placeholder secend value third value type 4th value length
        $result = $stmt->execute(); // Returns TRUE on success or FALSE on failure.


        $stmt->close();


Example #4

$stmt = $this->conn->prepare("INSERT INTO users(unique_id, name, email, encrypted_password, salt, created_at) VALUES(?, ?, ?, ?, ?, NOW())");
        $stmt->bind_param("sssss", $uuid, $name, $email, $encrypted_password, $salt);
        $result = $stmt->execute();
        $stmt->close();



Example #5

<?php
/* Call a stored procedure with an INOUT parameter */
$colour = 'red';
$sth = $dbh->prepare('CALL puree_fruit(?)');
$sth->bindParam(1, $colour, PDO::PARAM_STR|PDO::PARAM_INPUT_OUTPUT, 12);
$sth->execute();
print("After pureeing fruit, the colour is: $colour");
?>