- SPLessons

Prevent MySql Injection in PHP


Description:

An unknown user can harm your website, so prevent MySQL injection by using "prepare and execute" queries in PHP, with the user input passed as parameters rather than concatenated into the SQL string.
The following example shows how to write a simple "prepare and execute" query in PHP.

 

What is SQL Injection?

SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution. Injection usually occurs when you ask a user for input, like their name, and instead of a name they give you a MySQL statement that you will unknowingly run on your database.

 

Add the code below to your PHP file:
 


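// use the code below ($db is assumed to be a PDO connection)
// the ? placeholders keep user input out of the SQL text
$query = "SELECT * FROM table_name WHERE username = ? AND password = ?";
$stmt2 = $db->prepare($query);
// values are sent as data, not as SQL; this is what avoids MySQL injection
$stmt2->execute(array($username, $password));

// instead of
// (input concatenated into the SQL string; mysql_query() was removed in PHP 7)
$query = "SELECT * FROM table_name where username='".$username."' and password='".$password."'";
$result = mysql_query($query);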
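
The difference between the two forms above, as an added example that is not part of the original page: it runs the concatenated query and the prepared query against the same inputs and prints what each returns. Assumptions: an in-memory SQLite database stands in for MySQL so the script runs offline, and the `users` table, the sample rows, the inputs and the function names `login_concat` and `login_prepared` are constructed for illustration.

```php
<?php
// Added example. SQLite in memory stands in for MySQL (assumption);
// the table, rows and inputs are constructed for illustration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (username TEXT, password TEXT)");
$db->exec("INSERT INTO users VALUES ('alice', 'alice-pass'), ('o''brien', 'obrien-pass')");

// Vulnerable form from the page: input is pasted into the SQL text.
function login_concat(PDO $db, string $username, string $password): array {
    $query = "SELECT username FROM users WHERE username='" . $username
           . "' AND password='" . $password . "'";
    return $db->query($query)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened form: the SQL text is fixed and the values are bound as data.
function login_prepared(PDO $db, string $username, string $password): array {
    $stmt = $db->prepare("SELECT username FROM users WHERE username = ? AND password = ?");
    $stmt->execute([$username, $password]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: a normal login, a name containing an apostrophe,
// and a password field that carries SQL syntax instead of a password.
$cases = [
    ['alice', 'alice-pass'],
    ["o'brien", 'obrien-pass'],
    ['alice', "x' OR '1'='1"],
];

foreach ($cases as [$u, $p]) {
    try {
        $concat = implode(',', login_concat($db, $u, $p));
    } catch (PDOException $e) {
        $concat = 'SQL error'; // the quote in the input broke the statement
    }
    $prepared = implode(',', login_prepared($db, $u, $p));
    printf("%-10s %-15s concat=[%s] prepared=[%s]\n", $u, $p, $concat, $prepared);
}
```

With the concatenated query, the apostrophe in the second input breaks the statement and the third input changes the WHERE clause so that every row matches; with the prepared statement the same inputs are compared as plain strings, so the second logs in normally and the third matches nothing.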