How to prevent SQL injection in PHP using PDO and MySQLi? | #MySQL #MySQLTips

@MySQLguru
Updated July 19, 2013 ● 1,118 views

SQL injection in PHP is one of the most common vulnerabilities in web applications. Let me show you how you can prevent SQL injection on your website using PDO and MySQLi.

Using PDO:

$stmt = $pdo->prepare('SELECT * FROM employees WHERE name = :name');
$stmt->execute(array(':name' => $name));

foreach ($stmt as $row) {
    // do something with $row
}

Using MySQLi:

$name = $_GET['username'];
$password = $_GET['password'];
 
if ($stmt = $mysqli->prepare("INSERT INTO tbl_users (name, password) VALUES (?, ?)")) {
    // Bind the variables to the parameter as strings. 
    $stmt->bind_param("ss", $name, $password);
    // Execute the statement.
    $stmt->execute();
    // Close the prepared statement.
    $stmt->close();
}

0 Comments

Related

#iamaWebDeveloper: I'm a freelance web developer, I can help you develop your web 2.0 site | #PHP #Yii #Bootstrap #Ajax #MySQL

#iamaWebDeveloper: I developed Technovibe.com and expert in #PHP #MySQL #HTML5 and #CSS3. Let me know if you need my expertise.

#iamaWebDeveloper: i'll design and develop a site for you | #PHP #MySQL #Bootstrap #Yii

Tip: Store IP address as Integer in #MySQL

More in Programming

Solution: #jQuery image upload resize is not working due to memory_limit in #PHP

#jQueryTips: How to detect #AdBlock using #jQuery?

Solution: #Eclipse weird keyboard backspace delete key suddenly stopped working

Solution: #PHP: Handling json_encode data in html data attribute

Solution: #PHP DOMDoc-ment::loadHTML(): htmlParseStartTag: invalid element name in Entity

Solution: How to close Twitter #Bootstrap popover with a click anywhere on the page using #jQuery

Solution: #jQuery #bootstrap popover focus not working in Chrome

#jQuery fileupload for dynamically added input field

#Joomla: Fort Disco Brute-Force Attack Campaign Targets CMS Websites

Free #Joomla Templates available at JoomlaHacks