Find solution

How to prevent an SQL injection in PHP?

Here are 53 best answers to ‘How to prevent an SQL injection in PHP?’ - the most relevant comments and solutions are submitted by users of Stack Overflow, Yahoo! Answers and Quora.

Best solution

  • How to prevent SQL injection in PHP?

    If user input is inserted into an SQL query directly, the application becomes vulnerable to SQL injection, like in the following example: $unsafe_variable = $_POST['user_input']; mysql_query("INSERT INTO table (column) VALUES ('" . $unsafe_variable . "')"); That's because the user can input something like value'); DROP TABLE table;--, making the query: INSERT INTO table (column) VALUES('value'); DROP TABLE table;--') What should one do to prevent this?

    Answer:

    Use prepared statements and parameterized queries. These are SQL statements that are sent to and parsed...

    Mark as irrelevant Undo

Other solutions