How can I prevent SQL injection in PHP?
General Tech Bugs & Fixes 2 years ago
Posted on 16 Aug 2022, this text provides information on Bugs & Fixes related to General Tech. Please note that while accuracy is prioritized, the data presented might not be entirely correct or up-to-date. This information is offered for general knowledge and informational purposes only, and should not be considered as a substitute for professional advice.
Answers (2)
manpreet 2 years ago
php
$mysqli = new mysqli("s://forum.tuteehub.com/tag/server">server", "username", "password", "database_name");
// TODO - Check that connection was successful.
$unsafe_variable = $_POST["user-input"];
$stmt = $mysqli->s://forum.tuteehub.com/tag/prepare">prepare("INSERT INTO table (s://forum.tuteehub.com/tag/column">column) VALUES (?)");
// TODO check that $stmt creation succeeded
// "s" means the database expects a string
$stmt->bind_param("s", $unsafe_variable);
$stmt->execute();
$stmt->close();
$mysqli->close();
?>No matter what stage you're at in your education or career, TuteeHub will help you reach the next level that you're aiming for. Simply,Choose a subject/topic and get started in self-paced practice sessions to improve your knowledge and scores.
Which operating system you favour and why?
General Tech 10 Answers
What are the most popular tech portals in India?
General Tech 7 Answers
What are best technologies available today for education / aiding learning?
General Tech 3 Answers
What professional training certifications are most marketable?
General Tech 9 Answers
manpreet![Tuteehub forum best answer]()
Best Answer
2 years ago
If user input is inserted without modification into an SQL query, then the application becomes vulnerable to SQL injection, like in the following example:
That's because the user can input something like
value'); DROP TABLE table;--, and the query becomes:What can be done to prevent this from happening?