How can SQL injections be prevented when updating data in PHP?
To prevent SQL injections when updating data in PHP, you should always use prepared statements with parameterized queries. This helps to separate the SQL code from the user input, preventing malicious SQL queries from being executed.
// Establish a database connection
$pdo = new PDO('mysql:host=localhost;dbname=mydatabase', 'username', 'password');
// Prepare the SQL query with placeholders
$stmt = $pdo->prepare("UPDATE users SET name = :name WHERE id = :id");
// Bind the parameters with the actual values
$stmt->bindParam(':name', $name);
$stmt->bindParam(':id', $id);
// Execute the query
$stmt->execute();