What are the best practices for updating user data in a database using PHP?

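When updating user data in a database using PHP, it is important to handle user input safely to prevent SQL injection attacks. The recommended way to do this is to use prepared statements with bound parameters: the values are sent to the database separately from the SQL text, so they need no manual escaping, and escaping a value before binding it stores the escape characters in the data. Additionally, always validate user input before updating the database to ensure data integrity.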

// Connect to the database
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "database";

$conn = new mysqli($servername, $username, $password, $dbname);

// Check connection
if ($conn->connect_error) {
    // Log the details server-side; do not expose them to the client
    error_log("Connection failed: " . $conn->connect_error);
    die("Connection failed");
}

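// Validate user input; bound parameters need no manual escaping
$user_id = filter_input(INPUT_POST, 'user_id', FILTER_VALIDATE_INT);
$new_data = $_POST['new_data'] ?? null;

if ($user_id === false || $user_id === null || !is_string($new_data)) {
    http_response_code(400);
    die("Invalid input");
}

// Update user data using prepared statement
$stmt = $conn->prepare("UPDATE users SET data = ? WHERE id = ?");
if ($stmt === false) {
    error_log("Prepare failed: " . $conn->error);
    die("Error updating user data");
}
$stmt->bind_param("si", $new_data, $user_id);

if ($stmt->execute()) {
    echo "User data updated successfully";
} else {
    // Log the database error server-side instead of echoing it to the client
    error_log("Error updating user data: " . $stmt->error);
    echo "Error updating user data";
}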

// Close connection
$stmt->close();
$conn->close();
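
The following added example (not part of the original page) shows what happens when a value is escaped and then bound, compared with binding alone, and how validation rejects malformed ids before they reach SQL. It assumes an in-memory SQLite database through PDO so that it runs offline, uses addslashes() as a stand-in for mysqli_real_escape_string(), and the helper names updateUserData() and storedData() are hypothetical.

```php
<?php
// Added example: constructed data, in-memory SQLite via PDO so it runs offline.
// Assumption: addslashes() stands in for mysqli_real_escape_string(), which
// needs a live MySQL connection; both turn ' into \' for this input.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, data TEXT)");
$pdo->exec("INSERT INTO users (id, data) VALUES (1, 'old'), (2, 'old')");

// Hypothetical helper: validate, then update with bound parameters only.
function updateUserData(PDO $pdo, $rawId, $rawData): bool
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false || !is_string($rawData) || strlen($rawData) > 255) {
        return false; // reject instead of trying to "clean" bad input
    }
    $stmt = $pdo->prepare("UPDATE users SET data = ? WHERE id = ?");
    $stmt->execute([$rawData, $id]);
    return $stmt->rowCount() === 1; // false when no such user exists
}

// Hypothetical helper: read back what was actually stored.
function storedData(PDO $pdo, int $id): string
{
    $stmt = $pdo->prepare("SELECT data FROM users WHERE id = ?");
    $stmt->execute([$id]);
    return (string) $stmt->fetchColumn();
}

$input = "O'Brien"; // constructed sample input

// Row 1: escaped first, then bound, so the backslash becomes part of the data.
updateUserData($pdo, "1", addslashes($input));
// Row 2: bound as-is, so the value is stored exactly as submitted.
updateUserData($pdo, "2", $input);

// Compare the stored values with the escaped and the original form.
var_dump(storedData($pdo, 1) === "O\\'Brien");
var_dump(storedData($pdo, 2) === $input);

// Malformed ids fail validation and never reach the SQL statement.
var_dump(updateUserData($pdo, "2 OR 1=1", "x"));
var_dump(updateUserData($pdo, ["2"], "x"));
```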