Join the social network of Tech Nerds, increase skill rank, get work, manage projects...
 

  • Prevent SQL-injection in PHP

    @harish.dobal
    Recommendations Offline Message

    • 0
    • 0
    • 0
    • 0
    • 1
    • 0
    • 0
    • 0
    • 111
    Comment on it

    User can prevent SQL- injection in php by using given 3 ways.

    Method1. By Using PHP inbuilt Functions.

    $name = mysql_real_escape_string($_POST["name"]);
mysql_query("INSERT INTO users VALUES($name)");

    Method 2. By Using MySqli instead of MySQL. MySqli is much better than MySql only for the reason of object oriented MySql.

    $stmt = $dbConnection->prepare('INSERT INTO users VALUES(?)');
$name=$_POST["name"];
$stmt->bind_param('s', $name);
$stmt->execute();

    Method 3. By Using PDO (PHP Data Objects)

    $stmt = $conn->prepare("INSERT INTO users VALUES(:name)");
$stmt->bindValue(':name', $_POST["name"]);
$stmt->execute();
    SQL-injection Prevent SQL-injection php
    Comment on it

 1 Comment(s)

  • @oliverusselldev
    Recommendations Offline Message

    over 7 years ago

    PHP MySQL injection can be easily prevented, here is how: https://www.cloudways.com/blog/protect-php-website-sql-injection/
    Basically, there are two methods. You can replace with str_replace() function or use PHP Prepared Statements
Sign In
Forgot Password?
                           OR                           
Create an account !!
                           OR                           
Register

Sign up using

                           OR                           
Forgot Password
Fill out the form below and instructions to reset your password will be emailed to you:
Reset Password
Fill out the form below and reset your password: