How can the issue of SQL injection be addressed when transferring form data to a MySQL database in PHP?

SQL injection can be addressed by using prepared statements with parameterized queries in PHP when transferring form data to a MySQL database. This helps to prevent malicious SQL code from being injected into the query, as the parameters are treated as data rather than executable code.

// Establish a connection to the database
$mysqli = new mysqli(&quot;localhost&quot;, &quot;username&quot;, &quot;password&quot;, &quot;database&quot;);

// Prepare a SQL statement with a parameterized query
$stmt = $mysqli-&gt;prepare(&quot;INSERT INTO table_name (column1, column2) VALUES (?, ?)&quot;);

// Bind the form data to the parameters
$stmt-&gt;bind_param(&quot;ss&quot;, $form_data1, $form_data2);

// Set the form data variables
$form_data1 = $_POST[&#039;form_field1&#039;];
$form_data2 = $_POST[&#039;form_field2&#039;];

// Execute the query
$stmt-&gt;execute();

// Close the statement and connection
$stmt-&gt;close();
$mysqli-&gt;close();

Keywords

SQL injection form data MySQL database PHP security

How can the issue of SQL injection be addressed when transferring form data to a MySQL database in PHP?

Keywords

Related Questions