Home/ Questions/Q 8544599
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-11T12:35:59+00:00

I’m using statements to protect against sql injections… My question is what do i

  • 0

I’m using statements to protect against sql injections… My question is what do i need to repeat when looping multiple queries?

If you look at the second query, im not sure if the prepare statement needs to be insde the foreach loop

Something wrong with this summary code?

open database connection

// connect to database   
$conn = connect('r');

launch first query

$sql = "SELECT ... FROM ... WHERE xxx = ?";

$stmt = $conn->stmt_init();
$stmt->prepare($sql);
$stmt->bind_param('i', $albumid);
$stmt->bind_result(..., ...);
$stmt->execute();
$stmt->store_result();
$num_rows = $stmt->num_rows;

if ($num_rows  > 0) {
   loop results...
}

$stmt->free_result();

second query with repeats:

$sql = "SELECT ... FROM ... WHERE xxx = ?";

$stmt = $conn->stmt_init();
$stmt->prepare($sql); ///??????? inside or outside foreach loop ?????

foreach (... as $key => ...) {
    $stmt->bind_param('i', $key);
    $stmt->bind_result(...);
    $stmt->execute();
    $stmt->store_result();
    $num_rows = $stmt->num_rows;

    if ($num_rows  > 0) {
       loop results...
    }

   $stmt->free_result();
}

close database

// close database
$conn->close();
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You don’t have to prepare the query multiple times. Just bind the parameters and execute it multiple times.

    From the PHP Manual:

    For a query that you need to issue multiple times, you will realize
    better performance if you prepare a PDOStatement object using
    PDO::prepare() and issue the statement with multiple calls to
    PDOStatement::execute().

    Hope this helps.

    • 0