How can SQL injection vulnerabilities be mitigated when passing variables through URLs in PHP?

SQL injection vulnerabilities can be mitigated by using prepared statements and parameterized queries when interacting with the database. This ensures that user input is properly sanitized and treated as data rather than executable SQL code.

// Example of using prepared statements to mitigate SQL injection in PHP

// Establish a database connection
$pdo = new PDO(&quot;mysql:host=localhost;dbname=mydatabase&quot;, &quot;username&quot;, &quot;password&quot;);

// User input from URL parameter
$user_id = $_GET[&#039;user_id&#039;];

// Prepare a SQL statement with a placeholder for the user input
$stmt = $pdo-&gt;prepare(&quot;SELECT * FROM users WHERE id = :user_id&quot;);

// Bind the user input to the placeholder
$stmt-&gt;bindParam(&#039;:user_id&#039;, $user_id, PDO::PARAM_INT);

// Execute the query
$stmt-&gt;execute();

// Fetch the results
$results = $stmt-&gt;fetchAll(PDO::FETCH_ASSOC);

// Use the results as needed
foreach ($results as $row) {
    echo $row[&#039;username&#039;] . &quot;&lt;br&gt;&quot;;
}

Keywords

SQL injection vulnerabilities mitigation URL parameters PHP security

How can SQL injection vulnerabilities be mitigated when passing variables through URLs in PHP?

Keywords

Related Questions