How can I prevent SQL injection in PHP

0 votes

The programme  becomes vulnerable to SQL injection if user input is added to a SQL query without change, as in the example below:

$unsafe_variable = $_POST['user_input']; 

mysql_query("INSERT INTO `table` (`column`) VALUES ('$unsafe_variable')");

This is due to the user's ability to input items like value'); DROP TABLE table;—, and the query becomes:

INSERT INTO `table` (`column`) VALUES('value'); DROP TABLE table;--')

What steps may be taken to avoid this scenario?

Jul 28 in PHP by Kithuzzz
• 4,480 points
4 views

No answer to this question. Be the first to respond.

Your answer

Your name to display (optional):
Privacy: Your email address will only be used for sending these notifications.

Related Questions In PHP

0 votes
1 answer

How can I handle the warning of file_get_contents() function in PHP?

Hello @kartik, This is fairly simple: if (!$data = ...READ MORE

answered Apr 7, 2020 in PHP by Niroj
• 82,740 points
7,103 views
0 votes
1 answer

How can I connect to a Tor hidden service using CURL in PHP?

Hello @kartik, I use Privoxy and cURL to scrape Tor ...READ MORE

answered May 19, 2020 in PHP by Niroj
• 82,740 points
3,084 views
0 votes
1 answer

How can I do an UPDATE statement with JOIN in SQL Server?

Hello @kartik, This should work in SQL Server: update ...READ MORE

answered Jul 21, 2020 in PHP by Niroj
• 82,740 points
270 views
0 votes
1 answer

How can I compare two dates in PHP?

Hello @kartik, If all your dates are posterior ...READ MORE

answered Aug 27, 2020 in PHP by Niroj
• 82,740 points
232 views
0 votes
1 answer

How can I upload Multiple file in php?

Hello @kartik, Multiple files can be selected and ...READ MORE

answered Aug 27, 2020 in PHP by Niroj
• 82,740 points
294 views
0 votes
1 answer

How can I get useful error messages in PHP?

Hello @kartik, The following enables all errors: ini_set('display_startup_errors', 1); ini_set('display_errors', ...READ MORE

answered Sep 16, 2020 in PHP by Niroj
• 82,740 points
116 views
0 votes
0 answers

Creating a search form in PHP [duplicate]

I am working on a function where ...READ MORE

Jun 9 in PHP by Kichu
• 19,040 points
15 views
0 votes
0 answers

How to delete image form folder and database

With the code below, I'm displaying data ...READ MORE

Jul 26 in PHP by Kithuzzz
• 4,480 points
16 views
0 votes
0 answers

How to fetch specific data from MySQL database to my PHP table?

I want to get data from the ...READ MORE

Jul 28 in PHP by Kithuzzz
• 4,480 points
9 views
0 votes
0 answers

php records navigation

Code: <?php $host='localhost'; $user='root'; $password='root'; $database='database'; $startindex=@$_REQUEST['seek']; $db=mysql_connect($host, ...READ MORE

Aug 8 in PHP by Kithuzzz
• 4,480 points
7 views
webinar REGISTER FOR FREE WEBINAR X
Send OTP
REGISTER NOW
webinar_success Thank you for registering Join Edureka Meetup community for 100+ Free Webinars each month JOIN MEETUP GROUP