How do I prevent SQL injection in PHP?

To prevent SQL injection in PHP, it's essential to use prepared statements and parameterized queries. This approach ensures that user input is treated as data and not executable code, thus safeguarding your database from malicious attacks.

Here's a simple example demonstrating how to use prepared statements with PDO (PHP Data Objects):

<?php // Database connection $dsn = 'mysql:host=localhost;dbname=testdb'; $username = 'root'; $password = ''; try { $pdo = new PDO($dsn, $username, $password); $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // Prepare an SQL statement $stmt = $pdo->prepare('SELECT * FROM users WHERE email = :email'); // Bind the parameters $stmt->bindParam(':email', $user_email); // User input $user_email = 'test@example.com'; // Execute the statement $stmt->execute(); // Fetch the results $results = $stmt->fetchAll(PDO::FETCH_ASSOC); print_r($results); } catch (PDOException $e) { echo 'Connection failed: ' . $e->getMessage(); } ?>

SQL Injection PHP Security Prepared Statements PDO Parameterized Queries

Related Questions

How do I avoid rehashing overhead with std::set in multithreaded code?

How do I find elements with custom comparators with std::set for embedded targets?

How do I erase elements while iterating with std::set for embedded targets?

How do I provide stable iteration order with std::unordered_map for large datasets?

How do I reserve capacity ahead of time with std::unordered_map for large datasets?

How do I erase elements while iterating with std::unordered_map in multithreaded code?

How do I provide stable iteration order with std::map for embedded targets?

How do I provide stable iteration order with std::map in multithreaded code?

How do I avoid rehashing overhead with std::map in performance-sensitive code?

How do I merge two containers efficiently with std::map for embedded targets?