New course! Every coder should learn Generative AI!
Try a free lesson0
Insert unsafe string to database
Hello, I have to insert to my db table some unsafe data that can have query(SQL injection) inside. Is there a secure way to insert this data? I am using pdo but I have only access to query() method.
2 Answers
+ 2
You can use prepared statement:
$connection = new PDO("mysql:host=localhost;dbname=database", $username, $password);
$sql = "SELECT * FROM table WHERE search = :search";
$statement = $connection->prepare($sql);
$statement->bindParam(":search", $_GET["search"]);
$statement->execute();
// Other codes
http://php.net/manual/en/pdo.prepared-statements.php
0
in java there is a PreparedStatement object that I use for mySql insertions and updates and those thing (use ResultSet for queries)
not sure about php tho. im sure there are functions :/
Often have questions like this?
Learn more efficiently, for free:
Hot today
Strange narrowing conversion error from FLTK Color to Color Struct, Stroustrup's header Graph.h
0 Votes
Can anyone help me with this?
0 Votes
Any good alternative to do this
2 Votes
While loop with input dont work
1 Votes
Python Question
1 Votes
How to learn fast C?
0 Votes
Python frameworks problem
0 Votes
Coder or Programmers
2 Votes