mysqld bind_param

Hi there,
I would like to do a bind_param, the problem is I don't know the names
of the fields in advance, or in fact how many fields I will be setting.

Look at this example code (from
<http://php.oregonstate.edu/manual/en/function.mysqli-stmt-bind-param.php>)

$stmt = $mysqli->prepare("INSERT INTO CountryLanguage VALUES (?, ?, ?, ?)");
$stmt->bind_param('sssd', $code, $language, $official, $percent);

I can build the prepare string all right, but what about the second line?

Of course I can build up the actual SQL query string like so:

$stmt = "INSERT INTO CountryLanguage VALUES (".$code.",
".$language.",".$official.", ".$percent.")";

Because of SQL injection that doesn't seem to be a good idea. What
should I do?

Cheers, Steffen


steffen haugk [ Wed, 21 November 2007 13:34 ] [ ID #1875973 ]
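
One way to approach the question above, as an added example that is not part of the original post: build the placeholder list and the type string from the runtime field array, check every field name against an allowlist (column names cannot be bound as parameters), and pass the values to bind_param with argument unpacking. The column names and type codes, and the helper names build_insert and insert_row, are assumptions made for illustration.

```php
<?php
// Assumed allowlist: column name => mysqli type code. These names follow the
// MySQL "world" sample schema and are an assumption, not from the original post.
const COUNTRY_LANGUAGE_COLUMNS = [
    'CountryCode' => 's',
    'Language'    => 's',
    'IsOfficial'  => 's',
    'Percentage'  => 'd',
];

// Build a parameterized INSERT from fields only known at runtime.
// $table must be a constant chosen by the caller, never user input.
// Returns [sql, types, values]; values never enter the SQL text.
function build_insert(string $table, array $allowed, array $data): array
{
    if ($data === []) {
        throw new InvalidArgumentException('no fields to insert');
    }
    $cols = [];
    $types = '';
    $values = [];
    foreach ($data as $col => $value) {
        // Identifiers cannot be bound, so reject anything not allowlisted.
        if (!isset($allowed[$col])) {
            throw new InvalidArgumentException("unknown column: $col");
        }
        $cols[]   = "`$col`";
        $types   .= $allowed[$col];
        $values[] = $value;
    }
    $marks = implode(', ', array_fill(0, count($cols), '?'));
    $sql = "INSERT INTO `$table` (" . implode(', ', $cols) . ") VALUES ($marks)";
    return [$sql, $types, $values];
}

// Hypothetical helper: prepare, bind a variable number of values, execute.
function insert_row(mysqli $mysqli, string $table, array $allowed, array $data): bool
{
    [$sql, $types, $values] = build_insert($table, $allowed, $data);
    $stmt = $mysqli->prepare($sql);
    if ($stmt === false) {
        throw new RuntimeException($mysqli->error);
    }
    $stmt->bind_param($types, ...$values); // argument unpacking, PHP 5.6+
    return $stmt->execute();
}

// Constructed sample input; the apostrophe stays data because it is bound.
$row = ['CountryCode' => 'USA', 'Language' => "O'odham", 'Percentage' => 0.1];
[$sql, $types] = build_insert('CountryLanguage', COUNTRY_LANGUAGE_COLUMNS, $row);
echo $sql, "\n", $types, "\n";
```

On PHP versions without argument unpacking, call_user_func_array(array($stmt, 'bind_param'), ...) with an array of references serves the same purpose.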