I have long used the mysql_query() to do my stuff but now I am

Question

0

Asked: May 23, 20262026-05-23T06:32:32+00:00 2026-05-23T06:32:32+00:00

I have long used the mysql_query() to do my stuff but now I am

0

I have long used the mysql_query() to do my stuff but now I am shifting to prepared statements for two reasons:
performance and no sql injection possibility

This is how I am using it:

function add_new_user($e_mail1,$username,$pass)
    {
    require_once "db.php";

$stmt = $mysqli->prepare("INSERT INTO un_users VALUES ('',?, ?,0,0,?,0)");
$stmt->bind_param('sss', $e_mail1, $username,$pass); 

$stmt->execute();    
$stmt->close();
    }

I am not sanitizing the three variables ($e_mail1,$username,$pass) when i pass them to the function or anything else.

Am I doing it the correct way or did I screw up somewhere or need to do something else?
I’m a newbie with this (still going through the docs) so feel free to shower your knowledge 😀

Thanks!

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-23T06:32:33+00:00

Editorial Team

2026-05-23T06:32:33+00:00Added an answer on May 23, 2026 at 6:32 am

Yes, you are doing it correctly.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I have long used the mysql_query() to do my stuff but now I am

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply