Prevent SQL injection in PHP

To prevent SQL injection in PHP you should always use "prepared statements".

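Using PDO:

// The SQL text is fixed; :address is a named placeholder for the value
$stmt = $pdo->prepare('SELECT * FROM users WHERE address = :address');

// The array key must match the placeholder name exactly (no stray spaces)
$stmt->execute(['address' => $address]);

foreach ($stmt as $row) {
    // Do something with $row
}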

Using MySQLi:

$mysqli = new mysqli("database_host_name", "username", "password", "database_name");
$stmt = $mysqli->prepare('SELECT * FROM users WHERE address = ?');
// 's' binds $address as a string
$stmt->bind_param('s', $address);

$stmt->execute();

$result = $stmt->get_result();
while ($row = $result->fetch_assoc()) {
    // Do something with $row
}
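
To see why the prepared form matters, the following added example (not code from the original page) runs the same lookup both ways against an in-memory SQLite database and compares how a value containing quotes is handled. It goes one step beyond the page by showing that placeholders bind values only, so a sort column is checked against an allow-list; the table contents, function names and input string are constructed for illustration.

```php
<?php
// Added example: constructed table and inputs, in-memory SQLite (needs pdo_sqlite).
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
]);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, address TEXT)');
$pdo->exec("INSERT INTO users (name, address) VALUES
    ('alice', '1 Main St'), ('bob', '2 Oak Ave')");

// Unsafe: the value is pasted into the SQL text, so quotes in it change the query.
function findByAddressConcat(PDO $pdo, string $address): array
{
    return $pdo->query("SELECT * FROM users WHERE address = '$address'")->fetchAll();
}

// Safe: the SQL text is fixed; the value travels separately as a bound parameter.
function findByAddressPrepared(PDO $pdo, string $address): array
{
    $stmt = $pdo->prepare('SELECT * FROM users WHERE address = :address');
    $stmt->execute(['address' => $address]);
    return $stmt->fetchAll();
}

// Placeholders bind values, not identifiers. A column name for ORDER BY
// has to be picked from a fixed allow-list before it reaches the SQL text.
function listUsersSorted(PDO $pdo, string $sortColumn): array
{
    $allowed = ['id', 'name', 'address'];
    if (!in_array($sortColumn, $allowed, true)) {
        throw new InvalidArgumentException('Unsupported sort column');
    }
    return $pdo->query("SELECT * FROM users ORDER BY $sortColumn")->fetchAll();
}

$input = "x' OR '1'='1"; // constructed input containing SQL syntax
printf("concatenated: %d rows\n", count(findByAddressConcat($pdo, $input)));
printf("prepared:     %d rows\n", count(findByAddressPrepared($pdo, $input)));
printf("legit lookup: %d rows\n", count(findByAddressPrepared($pdo, '1 Main St')));
printf("sorted by name: %d rows\n", count(listUsersSorted($pdo, 'name')));
```

With the MySQL driver, PDO emulates prepared statements by default; passing PDO::ATTR_EMULATE_PREPARES => false in the connection options makes the server perform the binding.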