What are the best practices for handling form data in PHP to update database records?

When handling form data in PHP to update database records, it is important to sanitize and validate the input to prevent SQL injection and other security vulnerabilities. It is also crucial to use prepared statements to safely update the database records without exposing them to potential attacks.

// Assuming form data is submitted via POST method
if ($_SERVER[&quot;REQUEST_METHOD&quot;] == &quot;POST&quot;) {
    // Sanitize and validate form data
    $id = filter_input(INPUT_POST, &#039;id&#039;, FILTER_SANITIZE_NUMBER_INT);
    $name = filter_input(INPUT_POST, &#039;name&#039;, FILTER_SANITIZE_STRING);
    
    // Update database record using prepared statement
    $stmt = $pdo-&gt;prepare(&quot;UPDATE table_name SET name = :name WHERE id = :id&quot;);
    $stmt-&gt;bindParam(&#039;:name&#039;, $name);
    $stmt-&gt;bindParam(&#039;:id&#039;, $id);
    $stmt-&gt;execute();
    
    // Redirect to a success page or display a success message
    header(&quot;Location: success.php&quot;);
    exit();
}

Keywords

SQL injection prepared statements PDO form validation data sanitization

What are the best practices for handling form data in PHP to update database records?

Keywords

Related Questions