What are the common pitfalls when using PHP to connect to a MySQL database?

One common pitfall when using PHP to connect to a MySQL database is not properly sanitizing user input, which can lead to SQL injection attacks. To prevent this, always use prepared statements with parameterized queries to safely execute SQL commands. 

// Connect to MySQL database using prepared statements
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "database";

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);

// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

// Prepare and bind SQL statement
$stmt = $conn->prepare("SELECT * FROM users WHERE username = ?");
$stmt->bind_param("s", $username);

// Set parameters
$username = "example";

// Execute SQL statement
$stmt->execute();

// Close statement and connection
$stmt->close();
$conn->close();

Keywords

MySQL PHP database connection error handling SQL injection

Related Questions