Asked 2 years ago
20 Apr 2022
Views 470
steave

steave posted

How can I prevent SQL injection in PHP?


$username=$_REQUEST['username'];
$sel="select * from where username="$username"";

so in above query if some input " ''; truncate table anytable name " as username
so if that so it will empty table anytable
jessica

jessica
answered May 17 '22 00:00

php function mysql_real_escape_string use to escape single quote and double quote to avoid exposing SQL


$username=$_REQUEST['username'];
$sel="select * from where username=".mysql_real_escape_string($username);



Post Answer