What security vulnerability does the initial PHP code snippet pose?
The initial PHP code snippet poses a security vulnerability known as SQL injection. This vulnerability allows attackers to manipulate database queries by injecting malicious SQL code into input fields. To prevent SQL injection, it is important to use prepared statements with parameterized queries in PHP.
// Fix for SQL injection vulnerability using prepared statements
$stmt = $pdo->prepare("SELECT * FROM users WHERE username = :username AND password = :password");
$stmt->bindParam(':username', $username);
$stmt->bindParam(':password', $password);
$stmt->execute();
Keywords
Related Questions
- What are the advantages of using PHPMailer or SwiftMailer over the traditional mail() function in PHP?
- What are some common pitfalls when fetching data from a MySQL database in PHP and how can they be avoided?
- How can prepared statements be utilized in PHP to prevent SQL injection vulnerabilities when executing database queries?