Consider the following code snippet:
$day = '3'; // form input
...
$stmt = $conn->stmt_init();
$q = 'INSERT INTO recording (release_day) VALUES(?)';
$stmt->prepare($q);
$stmt->bind_param('i', $day);
$stmt->execute();
...
The variable $day is a string from a form input, but I'm binding it to an integer. The database column is a smallint datatype.
I'm assuming the database is getting an integer, right? Do I need to do some sort of type casting before the binding? What is considered to be good practice?
Do I need to do some sort of type casting before the binding?
You are already doing type casting here:
$stmt->bind_param('i', $day);
This coerces $day into an integer, because of the first parameter value 'i', and then passes that value to the database.
For example, if your variable were '123hello', only 123 would be passed.
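An added example, not part of the original question or answer: because a value like '123hello' is coerced rather than rejected, the form input can be validated strictly before it is bound. The 1 to 31 range and the helper names parseReleaseDay and insertReleaseDay are assumptions for illustration; the loop runs on constructed inputs and uses PHP's (int) cast to show lenient string-to-integer conversion beside the strict check.

```php
<?php
declare(strict_types=1);

/**
 * Strictly validate a form value as a day of month.
 * Returns the integer, or null when the input is not a clean integer in range.
 * The 1..31 range is an assumption about what release_day should hold.
 */
function parseReleaseDay(string $raw): ?int
{
    $day = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => 31],
    ]);
    return $day === false ? null : $day;
}

/**
 * Hypothetical helper: insert only validated values, still via a bound parameter.
 */
function insertReleaseDay(mysqli $conn, string $raw): bool
{
    $day = parseReleaseDay($raw);
    if ($day === null) {
        return false; // reject instead of storing a silently coerced value
    }
    $stmt = $conn->prepare('INSERT INTO recording (release_day) VALUES (?)');
    if ($stmt === false) {
        return false; // prepare failed (only reachable when mysqli exceptions are off)
    }
    $stmt->bind_param('i', $day);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Constructed sample inputs; this part needs no database connection.
foreach (['3', '123hello', 'hello', '', '3.9', '40'] as $raw) {
    printf(
        "%-12s lenient (int) cast: %-4d strict: %s\n",
        var_export($raw, true),
        (int) $raw,
        var_export(parseReleaseDay($raw), true)
    );
}
```

The bound parameter still keeps the value out of the SQL text; the validation step only decides whether the value is one worth storing.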