Home How can I prevent SQL injection in PHP?
Reply: 0

How can I prevent SQL injection in PHP?

user630
1#
user630 Published in February 25, 2018, 5:18 pm

If user input is inserted without modification into an SQL query, then the application becomes vulnerable to SQL injection, like in the following example:

$unsafe_variable = $_POST['user_input']; 

mysql_query("INSERT INTO `table` (`column`) VALUES ('$unsafe_variable')");

That's because the user can input something like value'); DROP TABLE table;--, and the query becomes:

INSERT INTO `table` (`column`) VALUES('value'); DROP TABLE table;--')

What can be done to prevent this from happening?

You need to login account before you can post.

About| Privacy statement| Terms of Service| Advertising| Contact us| Help| Sitemap|
Processed in 0.734452 second(s) , Gzip On .

© 2016 Powered by mzan.com design MATCHINFO