What are some potential issues with the PHP code provided for a guestbook, and how can they be addressed?

Issue: The PHP code does not sanitize user input, leaving the application vulnerable to SQL injection attacks. To address this issue, you can use prepared statements with parameterized queries to sanitize user input before executing SQL queries.

// Connect to the database
$pdo = new PDO(&#039;mysql:host=localhost;dbname=guestbook&#039;, &#039;username&#039;, &#039;password&#039;);

// Prepare a SQL query using a parameterized query
$stmt = $pdo-&gt;prepare(&#039;INSERT INTO entries (name, message) VALUES (:name, :message)&#039;);
$stmt-&gt;bindParam(&#039;:name&#039;, $_POST[&#039;name&#039;]);
$stmt-&gt;bindParam(&#039;:message&#039;, $_POST[&#039;message&#039;]);

// Execute the query
$stmt-&gt;execute();

Keywords

SQL injection XSS vulnerability input validation error handling prepared statements

What are some potential issues with the PHP code provided for a guestbook, and how can they be addressed?

Keywords

Related Questions