How can PHP developers ensure secure database connections and prevent SQL injection in their code?

To ensure secure database connections and prevent SQL injection in PHP code, developers should use prepared statements with parameterized queries instead of directly inserting user input into SQL queries. This helps to sanitize and escape user input, making it safe to use in database queries. 

// Establish a secure database connection
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "database";

$conn = new mysqli($servername, $username, $password, $dbname);

// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

// Use prepared statement to prevent SQL injection
$stmt = $conn->prepare("SELECT * FROM users WHERE username = ?");
$stmt->bind_param("s", $username);

// Execute the query
$stmt->execute();

// Fetch results
$result = $stmt->get_result();
while ($row = $result->fetch_assoc()) {
    // Process the results
}

// Close the statement and connection
$stmt->close();
$conn->close();

Keywords

PHP database connections SQL injection prepared statements PDO

Related Questions