What are some alternative methods to executing multiple SQL statements in PHP other than mysqli::multi_query?

Using mysqli::multi_query can be risky as it allows for potential SQL injection vulnerabilities if the statements are not properly sanitized. To execute multiple SQL statements in PHP safely, you can use prepared statements with parameter binding. This method ensures that user input is properly escaped and prevents SQL injection attacks.

// Establish a connection to the database
$mysqli = new mysqli(&quot;localhost&quot;, &quot;username&quot;, &quot;password&quot;, &quot;database&quot;);

// Define the SQL statements to be executed
$sql1 = &quot;INSERT INTO table1 (column1, column2) VALUES (?, ?)&quot;;
$sql2 = &quot;UPDATE table2 SET column1 = ? WHERE id = ?&quot;;

// Prepare the statements
$stmt1 = $mysqli-&gt;prepare($sql1);
$stmt2 = $mysqli-&gt;prepare($sql2);

// Bind parameters
$stmt1-&gt;bind_param(&quot;ss&quot;, $value1, $value2);
$stmt2-&gt;bind_param(&quot;si&quot;, $value3, $id);

// Set parameter values
$value1 = &quot;value1&quot;;
$value2 = &quot;value2&quot;;
$value3 = &quot;value3&quot;;
$id = 1;

// Execute the statements
$stmt1-&gt;execute();
$stmt2-&gt;execute();

// Close the statements and the connection
$stmt1-&gt;close();
$stmt2-&gt;close();
$mysqli-&gt;close();

Keywords

PHP SQL PDO prepared statements transactions

What are some alternative methods to executing multiple SQL statements in PHP other than mysqli::multi_query?

Keywords

Related Questions