What are the best practices for querying and inserting data into relational tables in PHP?
When querying and inserting data into relational tables in PHP, it is important to use prepared statements to prevent SQL injection attacks and to properly handle errors. Additionally, it is recommended to sanitize user input before inserting it into the database to ensure data integrity.
// Connect to the database
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "database";
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
// Querying data from a relational table
$stmt = $conn->prepare("SELECT * FROM table_name WHERE column_name = ?");
$stmt->bind_param("s", $column_value);
$column_value = "some_value";
$stmt->execute();
$result = $stmt->get_result();
while ($row = $result->fetch_assoc()) {
// Process the data
}
// Inserting data into a relational table
$stmt = $conn->prepare("INSERT INTO table_name (column1, column2) VALUES (?, ?)");
$stmt->bind_param("ss", $value1, $value2);
$value1 = "value1";
$value2 = "value2";
$stmt->execute();
// Close the connection
$conn->close();