How can I prevent SQL injection in PHP?

Posted by LaravelIndia - 4 years ago

You basically have two options to achieve this:

Using PDO (for any supported database driver):

$stmt = $pdo->prepare('SELECT * FROM employees WHERE name = :name');

$stmt->execute(array('name' => $name));

foreach ($stmt as $row) {
    // Do something with $row
}

Using MySQLi (for MySQL):

$stmt = $dbConnection->prepare('SELECT * FROM employees WHERE name = ?');
$stmt->bind_param('s', $name); // 's' specifies the variable type => 'string'

$stmt->execute();

$result = $stmt->get_result();
while ($row = $result->fetch_assoc()) {
    // Do something with $row
}

Status

Tags

php

Latest Post

Buy Cenforce 150 Mg [20% OFF] - At Australiarxmeds What are the benefits of a cenforce 200 Mg tablet? Men Will Deal with ED Easier With cenforce 130 Mg Men Will Deal with ED Easier With cenforce 200 Mg Buy Cenforce 200 Mg | Treats ED and PE problem
maxwin slot mahjong ways