What are some common pitfalls when using PHP for database operations like updates and selects?
Common pitfalls when using PHP for database operations like updates and selects include not sanitizing user input, not handling errors properly, and not using prepared statements which can lead to SQL injection attacks. To solve these issues, always sanitize user input using functions like mysqli_real_escape_string, handle errors with try-catch blocks, and use prepared statements to prevent SQL injection attacks.
// Example of using prepared statements to update a database record
// Assuming $conn is the database connection object
// Sanitize user input
$user_id = mysqli_real_escape_string($conn, $_POST['user_id']);
$new_email = mysqli_real_escape_string($conn, $_POST['new_email']);
// Prepare a SQL statement with placeholders
$stmt = $conn->prepare("UPDATE users SET email = ? WHERE id = ?");
$stmt->bind_param("si", $new_email, $user_id);
// Execute the statement
$stmt->execute();
// Close the statement and connection
$stmt->close();
$conn->close();