HOME | PHP Tutorial | CSS
facebook icon
AgerNic.com
WEB DEVELOPER SITE, HTML, CSS, PHP
PHP Tutorial

PHP forms
HTML Tutorial

CSS Tutorial

How to prevent sql injection in php mysqli



basically have two options to achieve this:
1. Using MySQLi (for MySQL):

Example: Using MySQLi (for MySQL)
<?php
$users_name = $dbConnection->prepare('SELECT * FROM users WHERE name = ?');
$users_name->bind_param('s', $name); // 's' specifies the variable type => 'string'
$users_name->execute();
$result = $users_name->get_result();
while ($row = $result->fetch_assoc()) {
// do something with $row
}
?>

2. Using PDO (for any supported database driver):

Example: Using PDO:
<?php
$users_name = $pdo->prepare('SELECT * FROM employees WHERE name = :name');
$users_name->execute(array('name' => $name));
foreach ($users_name as $row) {
// do something with $row
}
?>


3. Escaping Strings
Escaping string helps in removing special characters for use in SQL statements. It also takes into account current charset of the connection.

Example: Escaping Strings:
<?php
$user_name = mysqli_real_escape_string($con, $_POST["user_name"]);
$password = mysqli_real_escape_string($con, $_POST["password"]);
mysqli_close($con);
?>



sql injection How to prevent sql injection in php mysqli - php mysqli

3271. How to prevent sql injection in php mysqli, php mysqli
How to prevent sql injection in php mysqli php mysqli
https://www.agernic.com/php-mysqli/how-to-prevent-sql-injection-in-php-mysqli.html

1265. mysqli_fetch_field_direct to get field meta data
mysqli_fetch_field_direct to get field meta data in PHP MYSQLI
https://www.plus2net.com/php_tutorial/mysqli_fetch_field_direct.php

1269. mysqli_num_fields to get number of fields or columns in a result set returned from database
mysqli_num_fields to get number of column from resultset in PHP MYSQLI
https://www.plus2net.com/php_tutorial/mysqli_num_fields.php

1274. PHP MySQLI functions to handle MySql database
PDO layer in PHP to mange MySQL database with different data handling commands in PHP
https://www.plus2net.com/php_tutorial/mysqli.php

3272. Mysqli_fetch_array() expects parameter 1 to be mysqli_result boolean given, php mysqli
Mysqli_fetch_array() expects parameter 1 to be mysqli_result boolean given php mysqli
https://www.agernic.com/php-mysqli/mysqli_fetch_array()-expects-parameter-1-to-be-mysqli_result-boolean-given.html

3273. Uncaught Error: Call to undefined function MYSQL_NUM_ROWS() in, php mysqli
Uncaught Error: Call to undefined function MYSQL_NUM_ROWS() in php mysqli
https://www.agernic.com/php-mysqli/uncaught-error-call-to-undefined-function-mysql_num_rows().html

Your add here
PHP str_split() function

PHP similar_text() function

PHP define() function

PHP htmlspecialchars_decode() function

PHP substr() function

PHP htmlspecialchars() function

PHP print() function

PHP isset() Function

PHP strcmp() function

PHP strlen() function

PHP ucfirst() function

PHP strtoupper() function

PHP strrchr() Function

PHP str_replace() function

PHP lcfirst() function

PHP rtrim() function

HTML Tutorial - Tags and attributes
PHP convert array to string comma separated
SQL like syntax and example
Deprecated: mysql_connect() mysql extension is deprecated and will be
PHP Operator Types
PHP Array - What is an Array?