Prepared statements are all the rage right now in PHP development… and for good reason. Not only do prepared statements make your queries more secure… they also help future-proof your code by relying more heavily on PHP itself for that security.
If you’re not using prepared statements in your queries, you really should be. Here’s a simple class that helps you do just that using MySQLi:
I recommend walking through this code and unraveling how it all comes together. There are a few gotchas when using prepared statements in a dynamic way like this.
Or you could just check out my course PHP & MySQL 101 where I walk you step-by-step through building this exact class (and a lot more).
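The points that need care when binding parameters dynamically with MySQLi are building the type string, passing a variable number of values to `bind_param()` (which takes references), and handling table or column names, which cannot be bound. The following is an added example, not the author's class: the names `SafeDb`, `types`, `run` and `column`, and the `users` table and credentials in the usage comment, are assumptions. It targets PHP 8.0+ with the mysqlnd driver.

```php
<?php
declare(strict_types=1);
// Added example (PHP 8.0+, mysqlnd). SafeDb and its method names are hypothetical.
final class SafeDb
{
    public function __construct(private mysqli $db) {}

    // bind_param() needs one type letter per value: i = int, d = float, s = string.
    public static function types(array $params): string
    {
        $types = '';
        foreach ($params as $p) {
            $types .= match (true) {
                is_int($p), is_bool($p)    => 'i',
                is_float($p)               => 'd',
                is_string($p), $p === null => 's', // null is sent as SQL NULL
                default => throw new InvalidArgumentException('Unsupported parameter type'),
            };
        }
        return $types;
    }

    // Returns rows for statements that produce a result set, else the affected-row count.
    public function run(string $sql, array $params = []): array|int
    {
        $params = array_values($params);   // positional placeholders only
        $stmt = $this->db->prepare($sql);
        if ($params !== []) {
            $stmt->bind_param(self::types($params), ...$params); // unpacking binds by reference
        }
        $stmt->execute();
        $result = $stmt->get_result();     // false when the statement has no result set
        $out = $result === false ? (int) $stmt->affected_rows : $result->fetch_all(MYSQLI_ASSOC);
        $stmt->close();
        return $out;
    }

    // Placeholders stand for values only; table and column names must come from a fixed list.
    public static function column(string $name, array $allowed): string
    {
        if (!in_array($name, $allowed, true)) {
            throw new InvalidArgumentException('Column not allowed');
        }
        return "`$name`";
    }
}
// Usage (constructed schema; the "users" table and credentials are assumptions):
// $db = new SafeDb(new mysqli('localhost', 'app', 'app-password', 'appdb'));
// $rows = $db->run('SELECT id, email FROM users WHERE email = ? ORDER BY ' . SafeDb::column($sort, ['id', 'email']), [$email]);
```

Every user-supplied value travels through a `?` placeholder, and the only string spliced into the SQL text is a column name that has already matched the allow-list.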