Join the social network of Tech Nerds, increase skill rank, get work, manage projects...
 
  • Prevent SQL-injection in PHP

    • 0
    • 0
    • 0
    • 0
    • 1
    • 0
    • 0
    • 0
    • 112
    Comment on it

    User can prevent SQL- injection in php by using given 3 ways.

    Method1. By Using PHP inbuilt Functions.

    $name = mysql_real_escape_string($_POST["name"]);
    mysql_query("INSERT INTO users VALUES($name)");
    

    Method 2. By Using MySqli instead of MySQL. MySqli is much better than MySql only for the reason of object oriented MySql.

    $stmt = $dbConnection->prepare('INSERT INTO users VALUES(?)');
    $name=$_POST["name"];
    $stmt->bind_param('s', $name);
    $stmt->execute();
    

    Method 3. By Using PDO (PHP Data Objects)

    $stmt = $conn->prepare("INSERT INTO users VALUES(:name)");
    $stmt->bindValue(':name', $_POST["name"]);
    $stmt->execute();
    

 1 Comment(s)

  • PHP MySQL injection can be easily prevented, here is how: https://www.cloudways.com/blog/protect-php-website-sql-injection/
    Basically, there are two methods. You can replace with str_replace() function or use PHP Prepared Statements
Sign In
                           OR                           
                           OR                           
Register

Sign up using

                           OR                           
Forgot Password
Fill out the form below and instructions to reset your password will be emailed to you:
Reset Password
Fill out the form below and reset your password: