How can outdated PHP functions like mysql_real_escape_string be replaced for security purposes?
The mysql_* extension (including mysql_real_escape_string) was deprecated in PHP 5.5 and removed in PHP 7.0, so code that still uses it does not run on any supported PHP version. Replace it with parameterized (prepared) queries through PDO or MySQLi. A prepared statement fixes the SQL text up front and sends user input to the server separately as data, so the input is never parsed as part of the query; that separation, not escaping, is what prevents SQL injection. Two caveats: placeholders only work where the SQL grammar expects a value, so table names, column names and ORDER BY directions cannot be bound and must be checked against an allow-list instead; and with PDO you should turn off emulated prepares (PDO::ATTR_EMULATE_PREPARES => false) and set the charset in the DSN, because with emulation enabled PDO quotes the values client-side and splices them back into the SQL text itself.
// Using PDO for secure database operations (the mysql_* extension was removed in PHP 7.0)
$db = new PDO('mysql:host=localhost;dbname=mydatabase;charset=utf8mb4', 'username', 'password', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION, // raise exceptions instead of failing silently
    PDO::ATTR_EMULATE_PREPARES => false,                  // send the SQL and the values to the server separately
]);
// Untrusted input, e.g. from a login form
$username = $_POST['username'] ?? '';
// Prepare a statement with a named placeholder; the SQL text is now fixed
$stmt = $db->prepare("SELECT * FROM users WHERE username = :username");
// Bind the value as data; it can never be interpreted as SQL
$stmt->bindValue(':username', $username, PDO::PARAM_STR);
// Execute the query
$stmt->execute();
// Fetch the results
$results = $stmt->fetchAll(PDO::FETCH_ASSOC);
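The following is an added example, not part of the original answer, that puts the vulnerable string-concatenation pattern next to the prepared-statement replacement and runs the same injection payload through both. To run without a MySQL server it uses an in-memory SQLite database through the same PDO API; the users table, its two rows and the payload are constructed sample data, and orderedUsers is a hypothetical helper added here to show the allow-list check for a column name that cannot be bound.

```php
<?php
// Added example (not from the original answer). Uses SQLite in memory so it runs
// offline; the table, rows and attacker input below are constructed sample data.
declare(strict_types=1);

$db = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION, // fail loudly, never silently
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    // On MySQL also set PDO::ATTR_EMULATE_PREPARES => false so values are sent
    // to the server separately instead of being quoted into the SQL text client-side.
]);

$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL, role TEXT NOT NULL)');
$db->exec("INSERT INTO users (username, role) VALUES ('alice', 'admin'), ('bob', 'user')");

// Attacker-controlled input, as it might arrive in $_GET['username'].
$username = "' OR '1'='1";

// Vulnerable: the input becomes part of the SQL text and changes its meaning.
// This is the old mysql_query("... WHERE username = '$username'") pattern.
$leaked = $db->query("SELECT username FROM users WHERE username = '$username'")->fetchAll();
printf("concatenated query returned %d row(s)\n", count($leaked)); // the always-true OR matches every user

// Hardened: the SQL text is fixed; the value travels separately as data and the
// quotes in it are just characters to compare against, not SQL syntax.
$stmt = $db->prepare('SELECT username FROM users WHERE username = :username');
$stmt->bindValue(':username', $username, PDO::PARAM_STR);
$stmt->execute();
printf("parameterized query returned %d row(s)\n", count($stmt->fetchAll())); // no user has that literal name

// Placeholders only work where the grammar expects a value. Identifiers such as
// column names cannot be bound, so validate them against an allow-list instead.
function orderedUsers(PDO $db, string $requestedColumn): array
{
    $allowed = ['username', 'role'];
    if (!in_array($requestedColumn, $allowed, true)) {
        throw new InvalidArgumentException('unsupported sort column');
    }
    // Safe to interpolate: the value is one of our own literals, not user text.
    return $db->query("SELECT username, role FROM users ORDER BY $requestedColumn")->fetchAll();
}

print_r(orderedUsers($db, 'role'));
// orderedUsers($db, 'role; DROP TABLE users') throws before any SQL is built.
```

The point of the two printf lines is the difference in row count for identical input: concatenation lets the payload rewrite the WHERE clause, while the bound parameter is compared as the literal string `' OR '1'='1`. The allow-list in orderedUsers is the pattern to use wherever a placeholder is not accepted; quoting or escaping an identifier is not a substitute.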