How to prevent SQL injection in PHP using PDO and MySQLi? | #MySQL #MySQLTips
@MySQLguru
Updated July 19, 2013 ● 1,153 views
Programming
SQL injection in PHP is one of the most common vulnerabilities in web applications. Let me show you how you can prevent SQL injection on your website using PDO and MySQLi.
Using PDO:
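// $pdo is an open PDO connection; $name holds the untrusted input.
// The SQL text is fixed; :name is a placeholder that is bound as data.
$stmt = $pdo->prepare('SELECT * FROM employees WHERE name = :name');
$stmt->execute(array(':name' => $name));
foreach ($stmt as $row) {
    // do something with $row
}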
Using MySQLi:
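// $mysqli is an open mysqli connection.
// Read credentials from the POST body so they do not end up in URLs and access logs.
$name = $_POST['username'];
// Store a hash of the password, never the plaintext.
$password = password_hash($_POST['password'], PASSWORD_DEFAULT);
if ($stmt = $mysqli->prepare("INSERT INTO tbl_users (name, password) VALUES (?, ?)")) {
    // Bind the variables to the parameters as strings.
    $stmt->bind_param("ss", $name, $password);
    // Execute the statement.
    $stmt->execute();
    // Close the prepared statement.
    $stmt->close();
}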
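Added example, not part of the original post: the employee lookup from the PDO snippet written once with string concatenation and once with a bound parameter, so the difference in behaviour is visible on the same inputs. It assumes the pdo_sqlite extension and uses an in-memory database; the function names, rows and input strings are constructed for illustration.

```php
<?php
// Added example, not from the original post. In-memory SQLite keeps it
// offline; the table, rows and input strings below are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE employees (id INTEGER PRIMARY KEY, name TEXT)');
$seed = $pdo->prepare('INSERT INTO employees (name) VALUES (:name)');
foreach (['alice', 'bob', "O'Brien"] as $n) {
    $seed->execute([':name' => $n]);
}

// Vulnerable form: the input becomes part of the SQL text itself.
function findUnsafe(PDO $pdo, string $name): array
{
    $sql = "SELECT name FROM employees WHERE name = '" . $name . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened form: the SQL text is fixed and the input is bound as data.
function findSafe(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT name FROM employees WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Report how each form handles one input, including query failures.
function report(PDO $pdo, string $label, callable $find, string $input): void
{
    try {
        $rows = $find($pdo, $input);
        printf("%-6s %-14s -> %d row(s): %s\n", $label, $input, count($rows), implode(', ', $rows));
    } catch (PDOException $e) {
        printf("%-6s %-14s -> query failed: %s\n", $label, $input, $e->getMessage());
    }
}

// A quote in the input ends the string literal in the concatenated query,
// so the rest of the input is parsed as SQL. The bound parameter is only
// ever compared as a value.
foreach (["alice", "x' OR '1'='1", "O'Brien"] as $input) {
    report($pdo, 'unsafe', 'findUnsafe', $input);
    report($pdo, 'safe', 'findSafe', $input);
}
```

With the MySQL driver, also set PDO::ATTR_EMULATE_PREPARES to false so statements are prepared on the server rather than emulated by PDO.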