Navnish Bhardwaj would like you to review his/her blog.
[ http://www.navnishbhardwaj.com/weblog-navnish-bhardwaj/ ] IndiRank: 38

Learn right way to prevent SQL Injection in PHP

Navnish Bhardwaj
Navnish Bhardwaj
from Mohali
9 years ago

SQL-Injection the threat for PHP. You can prevent SQL-Injection in PHP just as following.

Preventing SQL Injection Attacks

To perform your database queries, you should be using PDO. With parametrized queries and prepared statements, you can preventSQL injection.

Learn right way to prevent SQL Injection in PHP. Take a look at the following example:

<?php

$sql = "SELECT * FROM users WHERE name=: name and age=: age";

$stmt = $db->prepare ($sql);

$stmt->execute (array (": name" => $name, “age" => $age));

In the above code the named parameters: name and: age to prepare (), which informs the database engine to pre-compile the query and attach the values to the named parameters later. When the call to execute () is made, the query is executed with the actual values of the named parameters. If you code this way, the attacker can’t inject malicious SQL as the query is already compiled and your database will be secure.

Read complete article at Weblog / http://www.navnishbhardwaj.com/learn-right-way-to-prevent-sql-injection-in-php/