$resultSpendStmt = $connection->prepare(...);
$array->bind_param("sdidi", $A, $B, $C, $D, $E);
$array->execute();
$array->store_result();
$array->bi
When you prepare an SQL statement, you can put a placeholder (?) where a column value would go, then use bind_param() to safely supply the real value for that placeholder. Because the values are sent to the server separately from the query text instead of being spliced into it, they can never be parsed as SQL, which prevents SQL injection through those values.
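As an added example (not code from the original page), here is the string-concatenation form beside the prepared-statement form with bind_param(). It assumes an open mysqli connection and a hypothetical table `spend(id, user_id, category, amount)`; the type string letters are i (integer), d (double), s (string) and b (blob), so the page's "sdidi" binds five values of those types in order.

```php
<?php
// UNSAFE (for contrast): the values become part of the SQL text, so an
// attacker-controlled $category can change what the server parses.
function findSpendUnsafe(mysqli $db, int $userId, string $category): array
{
    $sql = "SELECT id, amount FROM spend WHERE user_id = $userId AND category = '$category'";
    return $db->query($sql)->fetch_all(MYSQLI_ASSOC);
}

// SAFE: the query text holds only placeholders; bind_param() sends the
// values separately, typed, so they are data and never SQL.
function findSpendSafe(mysqli $db, int $userId, string $category): array
{
    $stmt = $db->prepare("SELECT id, amount FROM spend WHERE user_id = ? AND category = ?");
    if ($stmt === false) {
        throw new RuntimeException("prepare failed: " . $db->error);
    }
    // One type letter per placeholder: "i" for $userId, "s" for $category.
    $stmt->bind_param("is", $userId, $category);
    $stmt->execute();
    // Same store_result()/bind_result() pattern as the snippet above,
    // which avoids depending on get_result() being available.
    $stmt->store_result();
    $stmt->bind_result($id, $amount);
    $rows = [];
    while ($stmt->fetch()) {
        $rows[] = ['id' => $id, 'amount' => $amount];
    }
    $stmt->close();
    return $rows;
}

// Assumed connection parameters; replace with your own.
$db = new mysqli('localhost', 'app_user', 'app_password', 'app_db');
var_dump(findSpendSafe($db, 42, 'groceries'));
```

Placeholders can only stand in for values: a table or column name supplied at runtime still has to be checked against an allow-list, because bind_param() cannot bind identifiers.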
You can read more about bind_param() here.