What are the best practices for handling and displaying data retrieved from a database in PHP?

When handling and displaying data retrieved from a database in PHP, it is important to sanitize the data to prevent SQL injection attacks and ensure proper formatting for display. One way to do this is by using prepared statements to safely retrieve data from the database and then properly escape and format it before displaying it on the webpage.

// Connect to the database
$pdo = new PDO(&#039;mysql:host=localhost;dbname=mydatabase&#039;, &#039;username&#039;, &#039;password&#039;);

// Prepare a statement to retrieve data
$stmt = $pdo-&gt;prepare(&#039;SELECT * FROM users WHERE id = :id&#039;);
$stmt-&gt;bindParam(&#039;:id&#039;, $userId, PDO::PARAM_INT);
$stmt-&gt;execute();

// Fetch the data and display it
while ($row = $stmt-&gt;fetch()) {
    $username = htmlspecialchars($row[&#039;username&#039;]);
    $email = filter_var($row[&#039;email&#039;], FILTER_SANITIZE_EMAIL);
    
    echo &quot;Username: $username &lt;br&gt;&quot;;
    echo &quot;Email: $email &lt;br&gt;&quot;;
}

Keywords

SQL injection PDO prepared statements data sanitization error handling

What are the best practices for handling and displaying data retrieved from a database in PHP?

Keywords

Related Questions