How to prevent SQL injection in PHP?
If user input is inserted into an SQL query directly, the application becomes vulnerable to SQL injection, like in the following example:
$unsafe_variable = $_POST['user_input'];
mysql_query("INSERT INTO table (column) VALUES ('" . $unsafe_variable . "')");

That's because the user can input something like value'); DROP TABLE table;--, making the query:

INSERT INTO table (column) VALUES('value'); DROP TABLE table;--')

What should one do to prevent this?
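As an added example (not part of the post above), here is the same INSERT rewritten with a PDO prepared statement, so the value from the user is passed to the database separately from the SQL text instead of being glued into it. It assumes the pdo_sqlite extension so it runs against an in-memory database, and keeps the post's placeholder names "table" and "column" (quoted, since both are reserved words).

```php
<?php
// Added example: parameterised INSERT with PDO. Runs against in-memory SQLite
// so it needs no server; the same prepare()/execute() calls work with the
// MySQL driver (where ATTR_EMULATE_PREPARES=false makes PDO use real
// server-side prepares instead of client-side quoting).

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$pdo->exec('CREATE TABLE "table" ("column" TEXT)');

function insertValue(PDO $pdo, string $userInput): void
{
    // The SQL text is fixed at prepare time; :value is a bound parameter, so
    // whatever the user sends is stored as data and cannot end the statement
    // or start a new one.
    $stmt = $pdo->prepare('INSERT INTO "table" ("column") VALUES (:value)');
    $stmt->execute([':value' => $userInput]);
}

function tableSurvives(PDO $pdo, string $payload): bool
{
    insertValue($pdo, $payload);
    // If the payload had been interpreted as SQL, this SELECT would fail
    // (table dropped) or the stored value would differ from the input.
    $rows = $pdo->query('SELECT "column" FROM "table"')->fetchAll(PDO::FETCH_COLUMN);
    return $rows === [$payload];
}

// Constructed input: the exact string the post uses to break the naive query.
$payload = "value'); DROP TABLE table;--";
echo tableSurvives($pdo, $payload) ? "stored as plain data, table intact\n"
                                   : "unexpected: input was interpreted as SQL\n";
```

With mysqli the equivalent is `$stmt = $mysqli->prepare('INSERT INTO ... VALUES (?)'); $stmt->bind_param('s', $userInput); $stmt->execute();`; the old mysql_* extension in the post has no prepared statements and was removed in PHP 7.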