Is data sanitize required after using PHP Prepared Statement?

Big on Hosting. Unlimited Space & Unlimited Bandwidth
If you are using Prepared statements in php for all your queries, then do you still need to sanitize user inputs?

Is any other data sanitize required to prevent sql injection or any other kind of security threat from user inputs??

Let’s say if the code is like this:

$query = “INSERT INTO user (name, email, desg, inst, country, address) VALUES (?,?,?,?,?,? )”;
$stmt = $con ->stmt_init();
$stmt -> prepare ($query);
$stmt -> bind_param(‘ssssss’,$name, $email, $desg, $inst, $country, $address);
$stmt ->execute();

Last edited by aditya2012; Today at 02:40 PM.

This entry passed through the Full-Text RSS service — if this is your content and you’re reading it on someone else’s site, please read the FAQ at


You can skip to the end and leave a response. Pinging is currently not allowed.

Leave a Reply