
Prepared statements and why they matter in PHP - Practice Problems & Coding Challenges

Predict Output
intermediate
Output of a prepared statement execution
What will be the output of this PHP code using a prepared statement?
PHP
<?php
$mysqli = new mysqli('localhost', 'user', 'pass', 'db');
$stmt = $mysqli->prepare('SELECT name FROM users WHERE id = ?');
$id = 2;
$stmt->bind_param('i', $id);
$stmt->execute();
$stmt->bind_result($name);
$stmt->fetch();
echo $name;
?>
A. An error because bind_param is missing a parameter
B. The name of the user with id 2
C. Empty output because fetch() was not called
D. The string 'id' printed instead of the name
💡 Hint
Remember that bind_param binds the variable by reference and fetch() retrieves the result.
🧠 Conceptual
intermediate
Why use prepared statements?
Which of the following is the main reason to use prepared statements in PHP when working with databases?
A. They prevent SQL injection by separating code from data
B. They allow queries to run without a database connection
C. They automatically cache query results for faster access
D. They format the output of queries into JSON automatically
💡 Hint
Think about security and how user input is handled.
🔧 Debug
advanced
Identify the error in this prepared statement code
What error will this PHP code produce when executed?
PHP
<?php
$mysqli = new mysqli('localhost', 'user', 'pass', 'db');
$stmt = $mysqli->prepare('INSERT INTO users (name, age) VALUES (?, ?)');
$name = 'Alice';
$age = 'twenty';
$stmt->bind_param('si', $name, $age);
$stmt->execute();
?>
A. TypeError because 'twenty' is not an integer
B. No error, the data is inserted successfully
C. SyntaxError due to wrong SQL syntax
D. Runtime error because bind_param expects variables passed by reference
💡 Hint
Check the types expected by bind_param and the actual variable types.
📝 Syntax
advanced
Which prepared statement code is syntactically correct?
Which option shows a syntactically correct way to prepare and execute a statement in PHP?
A.
$stmt = $mysqli->prepare('SELECT * FROM users WHERE id = ?')
$stmt->bind_param('i', $id)
$stmt->execute()
B.
$stmt = $mysqli->prepare('SELECT * FROM users WHERE id = ?');
$stmt->bind_param('i' $id);
$stmt->execute();
C.
$stmt = $mysqli->prepare('SELECT * FROM users WHERE id = ?');
$stmt->bind_param(i, $id);
$stmt->execute();
D.
$stmt = $mysqli->prepare('SELECT * FROM users WHERE id = ?');
$stmt->bind_param('i', $id);
$stmt->execute();
💡 Hint
Check for missing semicolons and correct quotes around types.
🚀 Application
expert
How many rows will be returned?
Given this PHP code using prepared statements, how many rows will be returned by the query?
PHP
<?php
$mysqli = new mysqli('localhost', 'user', 'pass', 'db');
$stmt = $mysqli->prepare('SELECT * FROM users WHERE age > ?');
$age_limit = 30;
$stmt->bind_param('i', $age_limit);
$stmt->execute();
$result = $stmt->get_result();
echo $result->num_rows;
?>
A. An error because get_result() is not supported
B. All users regardless of age
C. Zero, because $age_limit is not defined with $
D. The number of users older than 30
💡 Hint
Check variable naming carefully.