1. Question: What is cross-site scripting? Define SQL injection.

    Answer
    Cross-site scripting (XSS) is a type of computer security vulnerability, typically found in web applications, that allows malicious web users to inject code into the web pages viewed by other users.
    
    Examples of such code include HTML code and client-side scripts. SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application.
    
    The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements, or user input is not strongly typed and is thereby unexpectedly executed.

2. Question: What is PHP's mysqli Extension?

    Answer
    The mysqli extension, or as it is sometimes known, the MySQL improved extension, was developed to take advantage of new features found in MySQL system versions 4.1.3 and newer.
    
    The mysqli extension is included with PHP versions 5 and later. The mysqli extension has a number of benefits, the key enhancements over the mysql extension being:
    
    =>Object-oriented interface  
    =>Support for Prepared Statements  
    =>Support for Multiple Statements  
    =>Support for Transactions  
    =>Enhanced debugging capabilities  
    =>Embedded server support

3. Question: What is PDO?

    Answer
    The PDO (PHP Data Objects) extension defines a lightweight, consistent interface for accessing databases in PHP. If you are using the PDO API, you could switch the database server you used, from, say, PgSQL to MySQL, and only need to make minor changes to your PHP code.
    
    While PDO has its advantages, such as a clean, simple, portable API, its main disadvantage is that it doesn't allow you to use all of the advanced features that are available in the latest versions of MySQL server. For example, PDO does not allow you to use MySQL's support for Multiple Statements.

4. Question: What is the benefit of using a prepared statement?

    Answer
    It is useful when we need to repeatedly execute the query with iteration using different parameters. 
    Prepared statement:
    1. Significantly lower cost of overhead
    2. Fewer lines of code.

5. Question: What is the difference between fetch_row() and fetch_array()?

    Answer
    fetch_row(): This function retrieves an entire row of data from the result set, placing the values in an indexed array.
    fetch_array(): This function is really just an enhanced version of fetch_row(), offering the opportunity to retrieve each row of the result set as an associative array, a numerically indexed array, or both.

6. Question: What are binding variables?

    Answer
    A binding variable is a variable to which we can bind any table field, so that updating the binding variable affects the table field directly. However, binding can be one-way or two-way. In two-way binding we can read and write data to the table field through the binding variable, while one-way binding is read-only.

Copyright © 2024. Powered by Intellect Software Ltd