What are best practices for handling user input and database queries in PHP when implementing autocomplete features?
When implementing autocomplete features in PHP, the defense against SQL injection is the prepared statement with bound parameters: the search term travels to the database as data and is never spliced into the SQL text, so no string "sanitizing" is needed for that purpose (FILTER_SANITIZE_STRING, deprecated since PHP 8.1, does not make a query safe and only mangles the input). Validation is still worthwhile: reject a missing, non-string or over-long term before querying, and escape the LIKE wildcards % and _ in the term, because a bound parameter does not neutralize them and a user sending just % would otherwise match every row. Select only the columns the suggestion list needs and cap the result set with LIMIT, since an autocomplete endpoint fires on every keystroke and an unbounded SELECT * is an easy way to overload the database. For the same reason, consider caching suggestions (for example in APCu or Redis, keyed on the normalized term) so repeated prefixes do not hit the database each time.
// Validate the input: the bound parameter below stops SQL injection,
// so the checks here are about type, length and LIKE wildcards, not quoting
$search_term = is_string($_GET['search_term'] ?? null) ? trim($_GET['search_term']) : '';
if ($search_term === '' || mb_strlen($search_term) > 64) {
    http_response_code(400);
    exit;
}
// Escape LIKE metacharacters so a literal "%" or "_" in the input cannot match every row
$search_term = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $search_term);
// Connect to the database; throw on errors and use native (server-side) prepares
$pdo = new PDO('mysql:host=localhost;dbname=database_name', 'username', 'password', [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,
]);
// Prepare a SQL query using a prepared statement; cap the number of suggestions
$stmt = $pdo->prepare("SELECT column_name FROM table_name WHERE column_name LIKE :search_term ESCAPE '!' LIMIT 10");
$stmt->bindValue(':search_term', '%' . $search_term . '%', PDO::PARAM_STR);
$stmt->execute();
// Fetch results and return them as JSON
$results = $stmt->fetchAll(PDO::FETCH_ASSOC);
header('Content-Type: application/json');
echo json_encode($results, JSON_THROW_ON_ERROR);
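The following is an added, self-contained example (not code from the original answer) that puts the points above into reusable functions: input validation, LIKE-wildcard escaping, a prepared statement with a bound integer LIMIT, and a small per-process cache. It runs offline against an in-memory SQLite database with constructed sample rows; the table and column (cities.name), the limits and the cache TTL are assumptions chosen for the demo. The requests at the bottom include a bare "%" and a term containing "_", which would match every row or the wrong rows without escaping, and an injection-style string, which the bound parameter simply treats as a prefix that matches nothing.

```php
<?php
declare(strict_types=1);

// Added example; cities.name is a hypothetical table/column for the demo.
const MAX_TERM_LENGTH = 64;
const MAX_LIMIT = 20;

/**
 * Escape LIKE metacharacters so a user-supplied "%" or "_" matches literally.
 * "!" is used as the escape character (declared with ESCAPE '!') because it is
 * portable across SQLite, MySQL and PostgreSQL, unlike a backslash.
 */
function escapeLike(string $term): string
{
    return str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $term);
}

/**
 * Validate the raw query-string value. Returns null when the request should be
 * rejected with HTTP 400 instead of reaching the database.
 */
function normalizeTerm(mixed $raw): ?string
{
    if (!is_string($raw)) {          // ?search_term[]=x arrives as an array
        return null;
    }
    $term = trim($raw);
    if ($term === '' || mb_strlen($term) > MAX_TERM_LENGTH || !mb_check_encoding($term, 'UTF-8')) {
        return null;
    }
    return $term;
}

/** Prefix match with a bound pattern and a bound, clamped LIMIT. */
function suggest(PDO $pdo, string $term, int $limit = 10): array
{
    $limit = max(1, min($limit, MAX_LIMIT));
    // Prefix matching is index-friendly and is what users expect from autocomplete.
    $stmt = $pdo->prepare(
        "SELECT name FROM cities WHERE name LIKE :pattern ESCAPE '!' ORDER BY name LIMIT :limit"
    );
    $stmt->bindValue(':pattern', escapeLike($term) . '%', PDO::PARAM_STR);
    $stmt->bindValue(':limit', $limit, PDO::PARAM_INT); // on MySQL, set ATTR_EMULATE_PREPARES=false
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

/** Small per-process cache with a TTL; swap for APCu or Redis in production. */
function suggestCached(PDO $pdo, string $term, int $limit = 10, int $ttl = 60): array
{
    static $cache = [];
    $key = mb_strtolower($term) . "\0" . $limit;
    $now = time();
    if (isset($cache[$key]) && $cache[$key]['expires'] > $now) {
        return $cache[$key]['rows'];
    }
    $rows = suggest($pdo, $term, $limit);
    $cache[$key] = ['rows' => $rows, 'expires' => $now + $ttl];
    return $rows;
}

// --- demo with constructed data ---
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE cities (name TEXT NOT NULL)');
$ins = $pdo->prepare('INSERT INTO cities (name) VALUES (:n)');
foreach (['Berlin', 'Bern', 'Boston', 'Bo_ston', '100% Pure'] as $n) {
    $ins->execute([':n' => $n]);
}

// Simulated requests: "%" and "Bo_" would match everything / "Boston" too without
// escapeLike(); the injection string is just data; the over-long term is rejected.
foreach (['Ber', '%', 'Bo_', "' OR 1=1 --", str_repeat('a', 100)] as $raw) {
    $term = normalizeTerm($raw);
    if ($term === null) {
        echo json_encode(['error' => 'invalid search_term']), "\n";
        continue;
    }
    echo json_encode(suggestCached($pdo, $term), JSON_THROW_ON_ERROR), "\n";
}
```

Run with `php autocomplete.php` (PHP 8.0 or later, with the pdo_sqlite and mbstring extensions). The LIMIT is bound as an integer rather than concatenated so that a caller-supplied size can never become SQL; the cache key is normalized to lower case because both SQLite and MySQL's default collations compare LIKE case-insensitively, so "ber" and "Ber" produce the same suggestions.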