How can SQL injection be prevented in the code?

SQL injection can be prevented by using parameterized queries or prepared statements in your code. This helps to separate SQL code from user input and prevents malicious SQL queries from being executed.

// Using parameterized queries to prevent SQL injection
$pdo = new PDO(&#039;mysql:host=localhost;dbname=my_database&#039;, &#039;username&#039;, &#039;password&#039;);
$stmt = $pdo-&gt;prepare(&#039;SELECT * FROM users WHERE username = :username AND password = :password&#039;);
$stmt-&gt;execute([&#039;username&#039; =&gt; $username, &#039;password&#039; =&gt; $password]);
$user = $stmt-&gt;fetch();

Keywords

SQL injection prepared statements parameterized queries PDO mysqli_real_escape_string

How can SQL injection be prevented in the code?

Keywords

Related Questions