How can special characters in a PHP string be properly escaped to prevent SQL injection?
To prevent SQL injection in PHP, special characters in a string should be properly escaped using the `mysqli_real_escape_string()` function. This function escapes special characters in a string so that they can be safely used in an SQL query, preventing malicious SQL injection attacks.
// Assuming $conn is the mysqli connection object and $input is the user input
$input = mysqli_real_escape_string($conn, $input);
Keywords
Related Questions
- What best practices should be followed when using preg_match for password strength validation in PHP?
- What best practices should be followed when pre-selecting an option in a dropdown menu in PHP based on user input?
- What is the process for installing the LDAP module for PHP on a Linux Suse 9.1 server with LAMP installed?