What potential issue is highlighted in the PHP code related to checking if a username already exists in the database?

The PHP code that checks whether a username already exists is vulnerable to SQL injection. It concatenates user input directly into the SQL query, so a malicious user can manipulate the query. To fix this, use prepared statements with parameterized queries, which prevent SQL injection by sending the value separately from the SQL text.

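// Fix for checking if a username already exists in the database using prepared statements
// Assumes $pdo is an already-connected PDO instance.

$username = $_POST['username'] ?? '';

// Prepare a SQL statement; the :username placeholder keeps the input out of the SQL text
$stmt = $pdo->prepare("SELECT 1 FROM users WHERE username = :username");
$stmt->execute(['username' => $username]);

// Check if the username exists in the database.
// fetchColumn() is used because PDO's rowCount() is not reliable for SELECT on every driver.
if ($stmt->fetchColumn() !== false) {
    echo "Username already exists";
} else {
    echo "Username is available";
}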
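
The difference between the concatenated query described in the answer and the prepared statement, as an added example that is not part of the original code. It assumes an in-memory SQLite database in place of the real one; the function names and the sample inputs are constructed for illustration.

```php
<?php
// Added example: in-memory SQLite stands in for the application's database (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL UNIQUE)");
$pdo->exec("INSERT INTO users (username) VALUES ('alice')");

// Vulnerable pattern (hypothetical helper): input becomes part of the SQL text.
function existsConcatenated(PDO $pdo, string $username): bool
{
    $sql = "SELECT 1 FROM users WHERE username = '" . $username . "'";
    return $pdo->query($sql)->fetchColumn() !== false;
}

// Hardened pattern (hypothetical helper): the value is bound as data, never parsed as SQL.
function existsPrepared(PDO $pdo, string $username): bool
{
    $stmt = $pdo->prepare("SELECT 1 FROM users WHERE username = :username");
    $stmt->execute(['username' => $username]);
    return $stmt->fetchColumn() !== false;
}

// Constructed inputs: an existing name, a free name, a value that rewrites the
// WHERE clause when concatenated, and a legitimate name containing a quote.
$inputs = ['alice', 'bob', "x' OR '1'='1", "o'brien"];

foreach ($inputs as $input) {
    try {
        $concat = existsConcatenated($pdo, $input) ? 'exists' : 'available';
    } catch (PDOException $e) {
        // The quote ended the string literal early and left invalid SQL behind.
        $concat = 'SQL error';
    }
    $prepared = existsPrepared($pdo, $input) ? 'exists' : 'available';
    printf("%-16s concatenated=%-10s prepared=%s\n", $input, $concat, $prepared);
}
```

For the last two inputs the concatenated check either reports a name that is not in the table as taken or fails with a SQL error, while the prepared statement treats both as ordinary usernames.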