How to prevent SQL injection in PHP MySQLi
You basically have two options to achieve this:
1. Using MySQLi (for MySQL):
Example: Using MySQLi (for MySQL):
<?php
// $dbConnection is an open mysqli connection; $name holds the untrusted input.
$users_name = $dbConnection->prepare('SELECT * FROM users WHERE name = ?');
$users_name->bind_param('s', $name); // 's' specifies the variable type => 'string'
$users_name->execute();
$result = $users_name->get_result(); // get_result() requires the mysqlnd driver
while ($row = $result->fetch_assoc()) {
    // do something with $row
}
?>
2. Using PDO (for any supported database driver):
Example: Using PDO:
<?php
// $pdo is an open PDO connection; $name holds the untrusted input.
$users_name = $pdo->prepare('SELECT * FROM employees WHERE name = :name');
$users_name->execute(array('name' => $name)); // the value is bound to :name
foreach ($users_name as $row) {
    // do something with $row
}
?>
3. Escaping Strings
Escaping a string escapes the special characters in it so that it can be used in an SQL statement. It also takes into account the current charset of the connection. The escaped value must still be placed inside quotes in the query.
Example: Escaping Strings:
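<?php
// $con is an open mysqli connection.
$user_name = mysqli_real_escape_string($con, $_POST["user_name"]);
$password = mysqli_real_escape_string($con, $_POST["password"]);
// Build and run the query with the escaped values here, before closing.
mysqli_close($con);
?>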
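The options above all deal with values. A placeholder cannot stand in for a column name or sort direction, and escaping does not make those safe either. The added example below (not code from the original page) goes one step beyond the text: it binds the value with PDO and takes the ORDER BY parts from an allow-list. The `users` table, its rows, the `findUsers` function and the in-memory SQLite database are assumptions made so the script runs on its own.

```php
<?php
// Added example, not from the original page. Table, rows and findUsers()
// are constructed; an in-memory SQLite database lets it run offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');
$insert = $pdo->prepare('INSERT INTO users (name, email) VALUES (:name, :email)');
foreach ([["O'Brien", 'ob@example.test'], ['alice', 'al@example.test']] as [$n, $m]) {
    $insert->execute(['name' => $n, 'email' => $m]);
}

// Values go through placeholders. Identifiers (column, sort direction)
// cannot be bound, so they are looked up in fixed allow-lists instead.
function findUsers(PDO $pdo, string $name, string $sortBy = 'id', string $dir = 'asc'): array
{
    $columns = ['id' => 'id', 'name' => 'name', 'email' => 'email'];
    $dirs    = ['asc' => 'ASC', 'desc' => 'DESC'];
    $dir     = strtolower($dir);
    if (!isset($columns[$sortBy], $dirs[$dir])) {
        throw new InvalidArgumentException('Unsupported sort option');
    }
    // Only constants taken from the allow-lists are put into the SQL text.
    $sql = 'SELECT id, name, email FROM users WHERE name = :name ORDER BY '
         . $columns[$sortBy] . ' ' . $dirs[$dir];
    $stmt = $pdo->prepare($sql);
    $stmt->execute(['name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// A quote inside the value needs no escaping: it travels as data.
printf("O'Brien: %d row(s)\n", count(findUsers($pdo, "O'Brien", 'name', 'DESC')));
// Input containing a quote and SQL keywords is compared literally with name.
printf("SQL-shaped input: %d row(s)\n", count(findUsers($pdo, "alice' OR name <> '")));
// A sort column outside the allow-list is rejected before any SQL is built.
try {
    findUsers($pdo, 'alice', 'name; --');
} catch (InvalidArgumentException $e) {
    echo 'Rejected: ', $e->getMessage(), PHP_EOL;
}
```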