How can PHP be used to sanitize user input to prevent SQL injection attacks?
To sanitize user input in PHP to prevent SQL injection attacks, you can use prepared statements with parameterized queries. This method separates the SQL query logic from the user input, making it impossible for an attacker to inject malicious code into the query.
// Establish a database connection
$pdo = new PDO('mysql:host=localhost;dbname=mydatabase', 'username', 'password');
// Prepare a SQL query with a placeholder for user input
$stmt = $pdo->prepare('SELECT * FROM users WHERE username = :username');
// Bind the user input to the placeholder
$stmt->bindParam(':username', $_POST['username']);
// Execute the query
$stmt->execute();
// Fetch the results
$results = $stmt->fetchAll();
Keywords
Related Questions
- How can individual forums and categories be styled differently in a phpbb3 forum?
- Are there any specific PHP functions or libraries that can simplify the process of importing data from a *.csv file into a Firebird database?
- What are the potential security risks of including files from a remote URL in PHP scripts?