Mysqli statement to avoid SQL-injections

Safe argument binding with the Mysqli library to avoid SQL injection in MySQL.

php
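```php
function mysqli_safe($sql, $bind = [])
{
    $db = mysqli_connect("127.0.0.1", "user", "pwd", "db");
    $stmt = $db->prepare($sql);

    if ($bind) {
        // bind_param() must receive every parameter in a single call,
        // with one type letter per placeholder
        $bind = array_values($bind);
        $types = str_repeat('s', count($bind)); # converts everything to string
        $stmt->bind_param($types, ...$bind);
    }

    $stmt->execute();
    $result = $stmt->get_result();

    return $result;
}
```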

usage

```php
load_function('mysqli_safe');

$result = mysqli_safe(
    'SELECT * FROM users WHERE email = ?',
    [ $_POST['email'] ] # it's safe to pass arguments directly from GET/POST
);

// $user = $result->fetch_assoc();
// ...
```
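Placeholders bind values only, so a column name or sort direction taken from a request still needs an allowlist, and binding everything as 's' sends numbers as strings. The block below is an added example, not part of the original snippet; the helper names, the `users` columns and the request fields are hypothetical.

```php
<?php
// Added example: build a statement from request input without ever
// concatenating a request value into the SQL text.

// Pick a bind_param() type letter per value instead of forcing 's'.
function bind_types(array $bind): string
{
    $types = '';
    foreach ($bind as $value) {
        if (is_int($value)) {
            $types .= 'i';
        } elseif (is_float($value)) {
            $types .= 'd';
        } else {
            $types .= 's';
        }
    }
    return $types;
}

// Identifiers cannot be bound with "?". Strict matching returns a string
// from the fixed list, or the default for any other input.
function order_by($requested, array $allowed, string $default): string
{
    return in_array($requested, $allowed, true) ? $requested : $default;
}

// Returns [$sql, $bind]; only allowlisted text reaches the SQL string.
function build_user_search(array $input): array
{
    $column = order_by($input['sort'] ?? '', ['id', 'email', 'created_at'], 'id');
    $dir    = in_array($input['dir'] ?? '', ['desc', 'DESC'], true) ? 'DESC' : 'ASC';
    $limit  = max(1, min(100, (int)($input['limit'] ?? 20)));
    $status = is_string($input['status'] ?? null) ? $input['status'] : 'active';

    $sql = "SELECT id, email FROM users WHERE status = ? ORDER BY `$column` $dir LIMIT ?";
    return [$sql, [$status, $limit]];
}

// Constructed request data: "sort" is not a column name, "limit" is too large.
$request = ['status' => 'active', 'sort' => 'email; --', 'dir' => 'desc', 'limit' => '500'];

[$sql, $bind] = build_user_search($request);
echo $sql, PHP_EOL;
echo bind_types($bind), ' ', json_encode($bind), PHP_EOL;
```

The returned `$sql` and `$bind` can be passed to a variant of `mysqli_safe()` that takes its type string from `bind_types($bind)`.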