Learning SELECT FROM WHERE prepared statements

Question

Can someone re-write the below code as a prepared statement?

result = mysqli_query($con,\"SELECT * FROM note_system WHERE note = \'$cnote\'\") 
or die(\"Erro         


        

Answer 1

This should help you on the right path...

$link = mysqli_connect("localhost", "my_user", "my_password", "world");

/* check connection */
if (mysqli_connect_errno()) {
    printf("Connect failed: %s\n", mysqli_connect_error());
    exit();
}

$query = "SELECT id FROM note_system WHERE note = ?";

$stmt = mysqli_stmt_init($link);
if(!mysqli_stmt_prepare($stmt, $query)) {
    print "Failed to prepare statement\n";
}
else {
    $note = "mynote";
    mysqli_stmt_bind_param($stmt, "s", $note);

    mysqli_stmt_execute($stmt);
    $result = mysqli_stmt_get_result($stmt);
    while ($row = mysqli_fetch_array($result))
    {
        $nid = $row['id'];
    }
}

mysqli_stmt_close($stmt);
mysqli_close($link);