Quote:
Originally Posted by zerovic
If it's a simple insert query, why do you have to use mysqli_prepare, mysqli_stmt_bind_param, mysqli_stmt_execute, etc.? I prefer using mysqli_query when inserting simple data to the db.
Because eventually, this will be used across multiple machines (with multiple IPs), so I'd rather screw about with security issues now while it's still relatively small than have to deal with rewriting it at a later date to fix any potential security issues (while I'm still learning to code).
This is just my test project; the ultimate use for this will be to allow multiple employees to add data to a larger database that controls a multitude of content-based websites from a central admin management system.