What are some best practices for displaying data from a database in a template using PHP?

When displaying data from a database in a template using PHP, it is important to sanitize the data to prevent SQL injection attacks and ensure proper formatting for display. One best practice is to use prepared statements to safely retrieve data from the database and then loop through the results to display them in the template.

&lt;?php
// Connect to the database
$pdo = new PDO(&#039;mysql:host=localhost;dbname=mydatabase&#039;, &#039;username&#039;, &#039;password&#039;);

// Prepare a SQL statement
$stmt = $pdo-&gt;prepare(&#039;SELECT * FROM mytable&#039;);

// Execute the statement
$stmt-&gt;execute();

// Fetch the results as an associative array
$results = $stmt-&gt;fetchAll(PDO::FETCH_ASSOC);

// Loop through the results and display them in the template
foreach ($results as $row) {
    echo &#039;&lt;div&gt;&#039;;
    echo &#039;&lt;h2&gt;&#039; . htmlspecialchars($row[&#039;title&#039;]) . &#039;&lt;/h2&gt;&#039;;
    echo &#039;&lt;p&gt;&#039; . nl2br(htmlspecialchars($row[&#039;content&#039;])) . &#039;&lt;/p&gt;&#039;;
    echo &#039;&lt;/div&gt;&#039;;
}
?&gt;

Keywords

SQL PDO data binding prepared statements MVC architecture

What are some best practices for displaying data from a database in a template using PHP?

Keywords

Related Questions