How to prevent SQL injection in PHP MySQLi



You basically have two options to achieve this, both based on prepared statements with bound parameters:
1. Using MySQLi (for MySQL):

Example: Using MySQLi (for MySQL)
<?php
// $dbConnection is an open mysqli connection; $name holds the untrusted input
$users_name = $dbConnection->prepare('SELECT * FROM users WHERE name = ?');
$users_name->bind_param('s', $name); // 's' specifies the variable type => 'string'
$users_name->execute();
$result = $users_name->get_result(); // get_result() requires the mysqlnd driver
while ($row = $result->fetch_assoc()) {
    // do something with $row
}
?>

2. Using PDO (for any supported database driver):

Example: Using PDO:
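<?php
// $pdo is an open PDO connection; $name holds the untrusted input
$users_name = $pdo->prepare('SELECT * FROM employees WHERE name = :name');
$users_name->execute(array('name' => $name)); // the value is bound to :name, never concatenated
foreach ($users_name as $row) {
    // do something with $row
}
?>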
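
The prepared-statement approach from options 1 and 2, as an added example that is not part of the original tutorial: it runs against an in-memory SQLite database through PDO (assumes the pdo_sqlite extension) and also covers a sort column, which cannot be bound as a parameter and is checked against an allow-list instead. The `findUsers` helper, the table layout and the sample rows are constructed for illustration.

```php
<?php
// Added example, not the tutorial's own code. Assumes the pdo_sqlite extension;
// an in-memory SQLite database stands in for MySQL so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);

// Constructed sample data, inserted through a prepared statement as well.
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');
$insert = $pdo->prepare('INSERT INTO users (name, email) VALUES (:name, :email)');
foreach ([["O'Brien", 'ob@example.test'], ['alice', 'alice@example.test']] as [$n, $e]) {
    $insert->execute(['name' => $n, 'email' => $e]);
}

/**
 * Hypothetical helper: find users by exact name, sorted by a caller-chosen column.
 * The name is bound as a parameter. A column name cannot be bound, so it is
 * compared against a fixed allow-list before it is placed in the SQL text.
 */
function findUsers(PDO $pdo, string $name, string $orderBy = 'id'): array
{
    $allowed = ['id', 'name', 'email'];
    if (!in_array($orderBy, $allowed, true)) {
        throw new InvalidArgumentException('Unsupported sort column');
    }
    $stmt = $pdo->prepare(
        "SELECT id, name, email FROM users WHERE name = :name ORDER BY $orderBy"
    );
    $stmt->execute(['name' => $name]);
    return $stmt->fetchAll();
}

// A legitimate name containing a quote is passed as data and matches its row.
print_r(findUsers($pdo, "O'Brien", 'name'));

// A stray quote in the input does not alter the statement; the whole string
// is compared literally against the name column.
print_r(findUsers($pdo, "alice'"));

// A sort column outside the allow-list is rejected before any SQL is built.
try {
    findUsers($pdo, 'alice', 'password');
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```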


3. Escaping Strings
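Escaping a string escapes the special characters in it so that the value can be used in an SQL statement. It also takes the current charset of the connection into account, so set the charset with mysqli_set_charset() before escaping. The escaped value is only safe inside a quoted string literal; prefer the prepared statements above where possible.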

Example: Escaping Strings:
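<?php
// $con is an open mysqli connection whose charset was set with mysqli_set_charset()
$user_name = mysqli_real_escape_string($con, $_POST["user_name"]);
$password = mysqli_real_escape_string($con, $_POST["password"]);
// Place the escaped values inside quotes in the query, e.g. ... WHERE name = '$user_name'
mysqli_close($con);
?>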


