msqli_* prevent SQL injection

To avoid your code be vulnerable, especially for preventing SQL injection. You may need the mysqli_* function and prepare statement of it to make it.

I will make some examples, such like this:

• The SELECT sentence like this:

$stmt = $conn->prepare('SELECT column_name FROM table_name WHERE column_name = ?');$stmt->bind_param('s', $varname);$stmt->execute();$result = $stmt->get_result();

• The INSERT sentence like this:

$stmt = $conn->prepare('INSERT INTO table_name(column_name_f, column_name_s) VALUES(?,?)');$stmt->bind_param('ss', $var_name_f, $var_name_s);$stmt->execute();$stmt->close();

---

So the only question you guys want to know is that mysterious ‘s’.
Not other mean, just String.

And other’s just as the word the said.
- bind_param which bind param like $var_name_f with the first question mark in this string(’s’) format.
- execute means that the statement will execute the sql sentence.
- close, just close connection;