Question : How can I prevent SQL injection in PHP?
Answered by : matteo-puppis
//Connect
$unsafe_variable = $_POST["user-input"];
$safe_variable = mysql_real_escape_string($unsafe_variable);
mysql_query("INSERT INTO table (column) VALUES ('" . $safe_variable . "')");
//Disconnect
Source : https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php | Last Update : Mon, 25 May 20
Question : prevent sql attacks php
Answered by : umom
$safe_variable = mysqli_real_escape_string($conn, $user_input);
Source : | Last Update : Wed, 04 Jan 23
Question : prevent SQL injection in PHP?
Answered by : undefined-5dno7e6groib
$str = "<script>alert('Hacked')</script>";
echo htmlentities($str);
Source : | Last Update : Sat, 09 Oct 21
Question : prevent sql injection commands PHP
Answered by : ivan-londono
{"tags":[{"tag":"textarea","content":"$stmt = $dbh->prepare(\"INSERT INTO REGISTRY (name, value) VALUES (:name, :value)\");\n$stmt->bindParam(':name', $name);\n$stmt->bindParam(':value', $value);","code_language":"php"}]}
Source : | Last Update : Mon, 25 Sep 23
Question : prevent sql injection php
Answered by : you
<?php
// Create a new PDO instance
$db = new PDO('mysql:host=localhost;dbname=mydatabase', 'username', 'password');
// Prepare the SQL statement with placeholder
$stmt = $db->prepare('SELECT * FROM users WHERE username = :username');
// Bind the parameter value
$stmt->bindParam(':username', $username);
// Set the parameter value
$username = $_POST['username'];
// Execute the prepared statement
$stmt->execute();
// Fetch the results
$result = $stmt->fetchAll();
// Display the results
foreach($result as $row) { echo $row['username'] . '<br>';
}
?>
Source : | Last Update : Mon, 18 Sep 23
Question : how to stop bank entry in php mysql server database
Answered by : nitesh-jangid
if($name!="" && $email!=""){
$sql="insert into info(name,email)values('".$name."','".$email."')";
$query=mysqli_query($conn,$sql);
}else{
echo "All field are required";
}
Source : | Last Update : Tue, 12 Jan 21