How can PHP be used to secure a guestbook against SQL injections and XSS attacks?

To secure a guestbook against SQL injection and XSS, validate user input and insert it with parameterized queries, so that the input is never interpreted as SQL, and HTML-encode stored entries when they are displayed, so that they are never interpreted as markup or script.

<?php
// Connect to the database
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "guestbook";

$conn = new mysqli($servername, $username, $password, $dbname);

// Check connection (log the details; do not show them to the visitor)
if ($conn->connect_error) {
    error_log("Guestbook DB connection failed: " . $conn->connect_error);
    die("Connection failed.");
}

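// Validate user input. Do not escape it here: the prepared statement below
// keeps the values out of the SQL text, and mysqli_real_escape_string() on top
// of bound parameters would store stray backslashes (e.g. O\'Brien).
$name = is_string($_POST['name'] ?? null) ? trim($_POST['name']) : '';
$message = is_string($_POST['message'] ?? null) ? trim($_POST['message']) : '';

// The length limits (in bytes) are example values; match them to the column sizes.
if ($name === '' || $message === '' || strlen($name) > 100 || strlen($message) > 2000) {
    http_response_code(400);
    die("Invalid input.");
}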

// Insert data into the database using parameterized queries
$stmt = $conn->prepare("INSERT INTO entries (name, message) VALUES (?, ?)");
$stmt->bind_param("ss", $name, $message);

$stmt->execute();

// Close connection
$stmt->close();
$conn->close();
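
The code above covers the SQL injection half; the XSS half is handled when the entries are displayed. The following is an added example, not part of the original answer, that HTML-encodes each entry on output with htmlspecialchars(). The helper names e() and render_entry(), the markup, and the sample rows are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from the original page): HTML-encode a value for
// use in element content or inside a quoted attribute.
function e(string $value): string
{
    // ENT_QUOTES encodes both ' and "; ENT_SUBSTITUTE replaces invalid UTF-8
    // sequences instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical helper: render one row of the entries table as HTML.
function render_entry(array $row): string
{
    $name = e($row['name']);
    // Encode first, then convert newlines to <br>, so the only markup in the
    // output is markup this function generated itself.
    $message = nl2br(e($row['message']), false);

    return "<article class=\"entry\"><h3>{$name}</h3><p>{$message}</p></article>\n";
}

// Constructed sample rows standing in for the result of
// SELECT name, message FROM entries.
$rows = [
    ['name' => 'Alice', 'message' => "Nice site!\nSee you again."],
    ['name' => '<script>alert(1)</script>', 'message' => 'Tom & "Jerry" <b>bold</b>'],
    ['name' => "O'Brien", 'message' => "Stored unmodified, encoded only on output."],
];

// Declare the charset so the browser decodes the page the same way
// htmlspecialchars() encoded it.
header('Content-Type: text/html; charset=UTF-8');

foreach ($rows as $row) {
    echo render_entry($row);
}
```

The second row is emitted as `&lt;script&gt;alert(1)&lt;/script&gt;` and is shown as text rather than executed. Encoding happens at output time, so the database keeps the visitor's original text.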