How can the use of addslashes() in PHP impact the security and functionality of a search feature?
addslashes() only puts a backslash in front of single quotes, double quotes, backslashes and NUL bytes; it knows nothing about the database, the connection's character set, or the query being built, and that hurts a search feature in two ways. Security: on a connection using a multibyte character set such as GBK or SJIS, a lead byte followed by the backslash that addslashes() inserted is parsed as one two-byte character, so the quote after it reaches the SQL parser unescaped and the query becomes injectable; the escaping is also simply wrong for databases such as SQLite that do not treat a backslash in a string literal as an escape, where a term containing a quote turns into a syntax error. Functionality: addslashes() does nothing about the LIKE wildcards % and _, so a search for "50%" or "shirt_" matches far more than the user typed, and where the database does not consume the backslashes they end up stored with the data and echoed back later. The fix is to keep user input out of the SQL text entirely with prepared statements and bound parameters, and, for a LIKE-based search, to escape % and _ in the bound pattern with an explicitly declared ESCAPE character.
<?php
// Using prepared statements to prevent SQL injection.
// $pdo is assumed to be an already-opened PDO connection with
// PDO::ATTR_ERRMODE set to PDO::ERRMODE_EXCEPTION.
$searchTerm = $_GET['searchTerm'] ?? '';
// The value travels separately from the SQL text, so quotes in it are data, not syntax.
$stmt = $pdo->prepare("SELECT * FROM products WHERE name = :searchTerm");
$stmt->bindParam(':searchTerm', $searchTerm, PDO::PARAM_STR);
$stmt->execute();
$results = $stmt->fetchAll(PDO::FETCH_ASSOC);
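To make both halves of the answer concrete, here is an added example (not code from the original answer). It assumes PHP with the pdo_sqlite driver and the mbstring extension; the products table, its rows, and the function names naiveSearch, safeSearch, likePattern and gbkTokensAfterAddslashes are all constructed here for the demonstration. SQLite stands in for MySQL because it ships with PHP, and mbstring stands in for the database's own tokeniser to show the multibyte problem.

```php
<?php
// Added example, not the code from the original answer. Assumes the pdo_sqlite
// driver and the mbstring extension are available; the products table and its
// rows are constructed here purely for the demonstration.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
$insert = $pdo->prepare('INSERT INTO products (name) VALUES (:name)');
foreach (['50% cotton shirt', 'wool shirt', 'shirt_large', 'socks'] as $name) {
    $insert->execute([':name' => $name]);
}

// (1) Why addslashes() is unsafe: it is not charset-aware. In GBK the byte 0xBF
// is a lead byte, so the backslash addslashes() inserts after it is absorbed
// into a two-byte character and the quote that follows is left on its own.
// mbstring is used here to tokenise the bytes the way a GBK-charset connection would.
function gbkTokensAfterAddslashes(string $input): array
{
    $escaped = addslashes($input);          // "\xbf'" becomes the bytes BF 5C 27
    return mb_str_split($escaped, 1, 'GBK');
}

// (2) The legacy pattern: escape with addslashes() and interpolate into LIKE.
// Besides the charset problem above, % and _ are left alone, so the user can
// widen the search at will, and SQLite does not treat \ as an escape at all,
// so a term containing a quote produces a syntax error instead of a safe query.
function naiveSearch(PDO $pdo, string $term): array
{
    $sql = "SELECT name FROM products WHERE name LIKE '%" . addslashes($term) . "%'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// (3) The replacement: the value is bound as a parameter, so quoting is the
// driver's job, and the LIKE metacharacters are escaped with an explicitly
// declared ESCAPE character so the user's % and _ are matched literally.
function likePattern(string $term): string
{
    return '%' . strtr($term, ['\\' => '\\\\', '%' => '\\%', '_' => '\\_']) . '%';
}

function safeSearch(PDO $pdo, string $term): array
{
    $stmt = $pdo->prepare("SELECT name FROM products WHERE name LIKE :pattern ESCAPE '\\'");
    $stmt->execute([':pattern' => likePattern($term)]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Run the comparison.
$tokens = gbkTokensAfterAddslashes("\xbf'");
printf("GBK tokens after addslashes(): %d, last token is %s\n",
    count($tokens), var_export(end($tokens), true));

foreach (['%', '_', 'shirt', "it's"] as $term) {
    printf("safe search for %-8s -> %s\n", var_export($term, true),
        implode(', ', safeSearch($pdo, $term)) ?: '(no rows)');
}

foreach (['%', '_'] as $term) {
    printf("naive search for %-8s -> %s\n", var_export($term, true),
        implode(', ', naiveSearch($pdo, $term)));
}
```

Run it with php from the command line. The naive search for % or _ returns every row, while the escaped, bound search returns only the names that actually contain those characters, and a term with a quote in it is handled as plain data instead of breaking the statement. The GBK split reports two tokens with the quote standing alone, which is the tokenisation a MySQL connection set to GBK would also apply to the bytes addslashes() produced. On MySQL the same PDO binding and LIKE escaping apply; additionally set the connection charset in the DSN (for example charset=utf8mb4) so the driver's own escaping rules match what the server will parse.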
Related Questions
- What are potential pitfalls of using a function like check_vars() to filter all GET and POST values?
- In what ways can outdated PHP scripts be refactored to adhere to current best practices and security standards?
- How can PHP be used to search for partial matches in a JSON file, rather than exact matches?