October 13th, 2013 214,598
Fortunately, it is possible to use prepared statements with MySQL and PHP using MySQLi extension. But, how to bind params, if their number is variable?
PHP MySQL extension is deprecated. PHP MySQLi extension is Object Oriented, supports Transactions and protects from SQL Injection, using Prepared Statements.