What does bind_param() do?

Question

$resultSpendStmt = $connection->prepare(...);
$array->bind_param("sdidi", $A, $B, $C, $D, $E);
$array->execute();
$array->store_result();
$array->bind_result($F, $G, $H, $I, $J, $K);

I am still a little unsure what bind_param does. Can someone give me an example as to what is means?

Answer 1

When you prepare an SQL statement, you can insert a placeholder (?) where a column value would go, then use bind_param() to safely substitute that placeholder for the real column's value. This prevents any possibility of an SQL injection.

You can read more about bind_param() here.