Are there any specific best practices for displaying and manipulating MySQL data with PHP?
When displaying and manipulating MySQL data with PHP, it is important to properly sanitize user input to prevent SQL injection attacks. It is also recommended to use prepared statements to securely interact with the database. Additionally, organizing the code into separate functions for querying, inserting, updating, and deleting data can help improve readability and maintainability.
<?php
// Connect to MySQL database
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "database";
$conn = new mysqli($servername, $username, $password, $dbname);

// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

// Function to sanitize user input: trims whitespace, strips tags, HTML-encodes special characters.
// Note that the value is HTML-encoded before it reaches the query, so a username containing
// characters such as & or quotes is looked up in its encoded form.
function sanitize_input($input) {
    return htmlspecialchars(strip_tags(trim($input)));
}

// Function to execute a prepared statement.
// $params holds the bind_param() type string first, followed by the values, e.g. ['s', $name].
function execute_prepared_statement($conn, $sql, $params) {
    $stmt = $conn->prepare($sql);
    if ($stmt === false) {
        die("Prepare failed: " . $conn->error);
    }
    $stmt->bind_param(...$params);
    $stmt->execute();
    // get_result() buffers the rows on the client, so the statement can be closed before they are read
    $result = $stmt->get_result();
    $stmt->close();
    return $result;
}

// Example usage of sanitize_input function (default to an empty string when the field is absent)
$user_input = $_POST['user_input'] ?? '';
$sanitized_input = sanitize_input($user_input);

// Example usage of execute_prepared_statement function
$sql = "SELECT * FROM users WHERE username = ?";
$params = ['s', $sanitized_input];
$result = execute_prepared_statement($conn, $sql, $params);

// Displaying the results: escape each value on output so stored data cannot inject HTML into the page
while ($row = $result->fetch_assoc()) {
    echo "Username: " . htmlspecialchars($row['username']) . "<br>";
    echo "Email: " . htmlspecialchars($row['email']) . "<br>";
}

// Close the connection
$conn->close();
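The answer recommends separate functions for querying, inserting, updating and deleting, all backed by prepared statements. The following is an added example written for this page, not code from the original answer, that puts those four operations behind two small helpers, escapes at output time rather than before storage, and handles the one case a bound parameter cannot cover (a column name in ORDER BY) with an allow-list. The helper names, the credentials and the `users(id, username, email)` table are assumptions.

```php
<?php
// Added example (not part of the original answer). Helper names, credentials and the
// `users(id, username, email)` table are assumed for illustration.

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // mysqli failures become exceptions

function db_connect(string $host, string $user, string $pass, string $name): mysqli {
    $conn = new mysqli($host, $user, $pass, $name);
    $conn->set_charset('utf8mb4'); // keep client and server character sets consistent
    return $conn;
}

// Run a SELECT with bound parameters and return all rows as associative arrays.
function db_query(mysqli $conn, string $sql, string $types = '', array $values = []): array {
    $stmt = $conn->prepare($sql);
    if ($types !== '') {
        $stmt->bind_param($types, ...$values);
    }
    $stmt->execute();
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
    $stmt->close();
    return $rows;
}

// Run an INSERT, UPDATE or DELETE with bound parameters and return the affected row count.
function db_execute(mysqli $conn, string $sql, string $types, array $values): int {
    $stmt = $conn->prepare($sql);
    $stmt->bind_param($types, ...$values);
    $stmt->execute();
    $affected = $stmt->affected_rows;
    $stmt->close();
    return $affected;
}

function find_user(mysqli $conn, string $username): ?array {
    $rows = db_query($conn, "SELECT id, username, email FROM users WHERE username = ?", 's', [$username]);
    return $rows[0] ?? null;
}

function insert_user(mysqli $conn, string $username, string $email): int {
    db_execute($conn, "INSERT INTO users (username, email) VALUES (?, ?)", 'ss', [$username, $email]);
    return (int) $conn->insert_id;
}

function update_email(mysqli $conn, int $id, string $email): int {
    return db_execute($conn, "UPDATE users SET email = ? WHERE id = ?", 'si', [$email, $id]);
}

function delete_user(mysqli $conn, int $id): int {
    return db_execute($conn, "DELETE FROM users WHERE id = ?", 'i', [$id]);
}

// Escape at the point of output, so the database keeps the real value and the page stays safe.
function h(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// A column name cannot be bound as a parameter, so map the request value onto an allow-list.
function list_users(mysqli $conn, string $sortBy): array {
    $allowed = ['username' => 'username', 'email' => 'email'];
    $column = $allowed[$sortBy] ?? 'username';
    return db_query($conn, "SELECT id, username, email FROM users ORDER BY $column");
}

// Usage: raw request values are only ever passed as bound parameters or allow-listed keys.
$conn = db_connect('localhost', 'username', 'password', 'database');
$name = trim($_POST['user_input'] ?? '');
$id = insert_user($conn, $name, 'user@example.invalid');
update_email($conn, $id, 'new@example.invalid');
foreach (list_users($conn, $_GET['sort'] ?? 'username') as $row) {
    echo 'Username: ' . h($row['username']) . ' / Email: ' . h($row['email']) . '<br>';
}
delete_user($conn, $id);
$conn->close();
```

Because `mysqli_report()` is set to strict mode, a failed prepare or execute raises `mysqli_sql_exception` instead of returning `false`, so the callers do not need to check each return value; catch the exception at the top level and log it rather than echoing the message to the browser.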
Related Questions
- How can the encoding of data in a database impact the use of htmlspecialchars() in PHP and what considerations should be made when determining the encoding?
- How does using bitwise operators like '&' compare to using the modulus operator for determining even or odd numbers in PHP?
- What are the best practices for handling situations where raw source code retrieved by PHP does not contain the desired content present in the rendered webpage?