Hello Guys,
I have heard about SQL injection, that is a very dangerous thing that can harm the database. so i want to know how i can prevent sql injection to infect my database via my php page. I'm using MySQL database with PHP extension mysqli
Printable View
Hello Guys,
I have heard about SQL injection, that is a very dangerous thing that can harm the database. so i want to know how i can prevent sql injection to infect my database via my php page. I'm using MySQL database with PHP extension mysqli
you can make them in SQL forum
Prepared Statements do not combine variables with SQL strings, so it is not possible for an attacker to modify the SQL statement.
I have no ideas about this.
Working with SQL statements, you absolutely not be added to the parameter string you for user input.
You must remove the special characters used in the query
What happens is that the SQL statement you pass to prepare is parsed and compiled by the database server.