Search:

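8000000';

// Prefix search on country.Name through a prepared statement: the user-supplied
// value is sent as a bound parameter, never spliced into the SQL text.
// NOTE(review): $dbh and $country_name are defined outside this view; assumed
// to be a mysqli connection and a request-supplied string — confirm.
$sth = $dbh->prepare('select Name, Population from country where Name like ?');
if ($sth === false) {
    // mysqli only throws by default on PHP 8.1+; on older setups prepare()
    // returns false and the bind_param() below would fail on a bool.
    throw new RuntimeException('prepare failed: ' . $dbh->error);
}

// A bound parameter prevents SQL injection but not LIKE-wildcard injection:
// a literal '%' or '_' in the input still acts as a wildcard (e.g. "%" alone
// matches every row). Escape those and the escape character itself, then
// append the trailing '%' that makes this a prefix search.
$country_name = addcslashes($country_name, '%_\\') . '%';
$sth->bind_param('s', $country_name);
if (!$sth->execute()) {
    throw new RuntimeException('execute failed: ' . $sth->error);
}
$sth->bind_result($name, $population);
while ($sth->fetch()) {
    // NOTE(review): the rendered source shows a line break inside this format
    // string, most likely a stripped HTML tag — restore it from the original file.
    // Name comes from the database; if this page is served as HTML it must be
    // escaped for that context, so it is encoded here.
    printf(
        "%s %s\n",
        htmlspecialchars((string) $name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'),
        number_format($population)
    );
}
$sth->close();

/* SQL injection — the string-built variants below are kept ONLY as the
   counter-example to the prepared statement above. Each one concatenates
   $country_name (or $a/$b) straight into the SQL text, so a double quote in
   the input terminates the string literal and the rest of the input is
   executed as SQL. Do not uncomment them.
$query = sprintf('select Name, Population from country where Name = "%s"', $country_name);
## 'select bla from bli where a="'.$a.'" and b = "'.$b.'"';
## sprintf 'select bla from bli where a="%s" and b = "%s"', $a, $b;
$result = $dbh->query($query);
$row = $result->fetch_assoc();
printf ("%s %s\n", $row["Name"], $row["Population"]);
*/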