  • How can we prevent SQL-injection in PHP?


    Hello Readers,

    We can prevent SQL injection in two ways:

    1-> Escaping the special characters in your POST or GET variables, or

    2-> By using a parameterized query.

    Both would protect you from SQL injection.

    Example:

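    // ext/mysql (mysql_*) was removed in PHP 7.0, so the mysqli equivalents are used.
    // Assumes $link is an open mysqli connection (charset set with mysqli_set_charset()).
    $unsafe_variable = $_POST["user-input"];
    $safe_variable = mysqli_real_escape_string($link, $unsafe_variable);

    // The escaped value is only safe inside the quotes of the SQL string literal.
    // `table` and `column` are reserved words in MySQL, hence the backticks.
    mysqli_query($link, "INSERT INTO `table` (`column`) VALUES ('" . $safe_variable . "')");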
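
The parameterized-query approach from option 2, as an added example that is not part of the original post. It uses PDO with an in-memory SQLite database so it runs offline; the `comments` table, the helper function names and the sample inputs are constructed for illustration.

```php
<?php
declare(strict_types=1);
// Added example: parameterized queries with PDO. SQLite stands in for MySQL;
// the table, column and function names are hypothetical.

function open_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // With the MySQL driver, also turn off emulated prepares so the server binds values:
    // $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    $pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');
    return $pdo;
}

function add_comment(PDO $pdo, string $body): int
{
    // The SQL text is fixed; the value travels separately as a bound parameter.
    $stmt = $pdo->prepare('INSERT INTO comments (body) VALUES (:body)');
    $stmt->execute([':body' => $body]);
    return (int) $pdo->lastInsertId();
}

function find_comments(PDO $pdo, string $body): array
{
    $stmt = $pdo->prepare('SELECT id, body FROM comments WHERE body = :body');
    $stmt->execute([':body' => $body]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$pdo = open_db();

// Constructed sample inputs standing in for $_POST["user-input"].
$inputs = ["plain text", "O'Reilly", "x'); DROP TABLE comments; --"];
foreach ($inputs as $input) {
    add_comment($pdo, $input);
}

// The table is still there and holds one row per input.
$count = (int) $pdo->query('SELECT COUNT(*) FROM comments')->fetchColumn();
printf("rows stored: %d\n", $count);

foreach ($inputs as $input) {
    $rows = find_comments($pdo, $input);
    $verbatim = count($rows) === 1 && $rows[0]['body'] === $input;
    printf("%-34s stored verbatim: %s\n", json_encode($input), $verbatim ? 'yes' : 'no');
}
```

Because the value is never concatenated into the SQL string, quotes and statement separators in the input are stored as ordinary data, with no escaping step to forget.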
