What are the best practices for handling database connections and queries in PHP, especially in the context of session variables?

When handling database connections and queries in PHP, it is important to open and close connections properly to avoid resource leaks. Additionally, it is recommended to use prepared statements to prevent SQL injection attacks. When dealing with session variables, make sure to sanitize any user input before using it in database queries to prevent security vulnerabilities.

// Establish a database connection
$servername = &quot;localhost&quot;;
$username = &quot;username&quot;;
$password = &quot;password&quot;;
$dbname = &quot;database&quot;;

$conn = new mysqli($servername, $username, $password, $dbname);

// Check connection
if ($conn-&gt;connect_error) {
    die(&quot;Connection failed: &quot; . $conn-&gt;connect_error);
}

// Prepare and execute a query using a prepared statement
$stmt = $conn-&gt;prepare(&quot;SELECT * FROM users WHERE username = ?&quot;);
$stmt-&gt;bind_param(&quot;s&quot;, $username);
$username = $_SESSION[&#039;username&#039;];
$stmt-&gt;execute();
$result = $stmt-&gt;get_result();

// Process the query results
while ($row = $result-&gt;fetch_assoc()) {
    // Do something with the data
}

// Close the connection
$stmt-&gt;close();
$conn-&gt;close();

Keywords

database connections queries PHP session variables error handling

What are the best practices for handling database connections and queries in PHP, especially in the context of session variables?

Keywords

Related Questions