What best practices should be followed when querying and retrieving data from a MySQL database in PHP?
When querying and retrieving data from a MySQL database in PHP, it is important to use prepared statements to prevent SQL injection attacks. Additionally, it is recommended to sanitize user input and validate data before executing any queries to ensure data integrity and security.
// Establish a connection to the MySQL database
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "database";
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
// Prepare and execute a query using a prepared statement
$stmt = $conn->prepare("SELECT * FROM users WHERE username = ?");
$stmt->bind_param("s", $username);
$username = "example_user";
$stmt->execute();
// Bind the result variables
$stmt->bind_result($id, $username, $email);
// Fetch the results
while ($stmt->fetch()) {
echo "ID: $id, Username: $username, Email: $email <br>";
}
// Close the statement and connection
$stmt->close();
$conn->close();