This question already has an answer here:
I have this line of code:
$search = mysqli_query($mysqli, "SELECT * FROM list WHERE ID= '$name' ");
And I want do it like this:
$example = $mysqli->prepare('SELECT * FROM list (ID) VALUES (?)');
But the problem is that I need enter the part "mysqli_query($mysqli,", how can I add it to my second line of code¿?
</div>
SQL syntax doesn't change when you use prepared statements. You just replace the variable with a placeholder.
$statement = $mysql->prepare("SELECT * FROM list WHERE ID= ? ");
$statement->bind_param("s", $name);
$statement->execute();