Active reading [<http://en.wikipedia.org/wiki/HTML>]. The reference changed.
Peter Mortensen

Possible Duplicate:
How can I prevent SQL injection in PHP?

This is the example on w3schools.org:

###HTML form:

```html
<html>
  <body>
    <form action="insert.php" method="post">
      Firstname: <input type="text" name="firstname" />
      Lastname: <input type="text" name="lastname" />
      Age: <input type="text" name="age" />
      <input type="submit" />
    </form>
  </body>
</html>
```

###File insert.php:

```php
<?php
$con = mysql_connect("localhost","peter","abc123");
if (!$con)
{
  die('Could not connect: ' . mysql_error());
}
mysql_select_db("my_db", $con);
$sql="INSERT INTO Persons (FirstName, LastName, Age)
VALUES
('$_POST[firstname]','$_POST[lastname]','$_POST[age]')";
if (!mysql_query($sql,$con))
{
  die('Error: ' . mysql_error());
}
echo "1 record added";
mysql_close($con)
?>
```

I've read through other questions on here, but I couldn't find a direct answer, as most were much more complicated.

I looked at How can I prevent SQL injection in PHP?, but I'm a bit confused on how to modify this:

```php
$preparedStatement = $db->prepare('INSERT INTO table (column) VALUES (:column)');
$preparedStatement->execute(array(':column' => $unsafeValue));
```

Assuming I used the HTML form above and wanted to insert the data from field 'firstname' into the database, should it look like this? Or am I supposed to modify column?:

```php
$preparedStatement = $db->prepare('INSERT INTO table (column) VALUES (:column)');
$preparedStatement->execute(array(':column' => $firstname));
```
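One way to apply the prepared-statement pattern to all three fields of the form above, as an added example that is not part of the original post: the real table and column names are written into the SQL text, and each `:name` placeholder is bound to one submitted value. The in-memory SQLite database, the `insertPerson` helper, the sample input and the 0-150 age range are assumptions made so the example runs on its own.

```php
<?php
declare(strict_types=1);
// Added example. Assumption: PDO with the SQLite driver, so it runs offline;
// for MySQL only the DSN and credentials passed to new PDO(...) change.

// Hypothetical helper: inserts one row from an array shaped like $_POST.
function insertPerson(PDO $db, array $post): int
{
    // Age is numeric, so validate it instead of passing raw text through.
    // The 0-150 range is an assumed limit for this example.
    $age = filter_var($post['age'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 150]]);
    if ($age === false) {
        throw new InvalidArgumentException('age must be an integer from 0 to 150');
    }

    // Table and column names stay literal in the SQL text. Each :name is a
    // placeholder for a value; its name is chosen here, not by the form.
    $stmt = $db->prepare(
        'INSERT INTO Persons (FirstName, LastName, Age)
         VALUES (:firstname, :lastname, :age)'
    );
    $stmt->bindValue(':firstname', (string) ($post['firstname'] ?? ''), PDO::PARAM_STR);
    $stmt->bindValue(':lastname', (string) ($post['lastname'] ?? ''), PDO::PARAM_STR);
    $stmt->bindValue(':age', $age, PDO::PARAM_INT);
    $stmt->execute();

    return (int) $db->lastInsertId();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Persons (FirstName TEXT, LastName TEXT, Age INTEGER)');

// Constructed stand-in for $_POST. The apostrophe would break the
// string-built query in insert.php; here it is stored as plain data.
$post = ['firstname' => 'Ada', 'lastname' => "O'Brien", 'age' => '36'];
$id = insertPerson($db, $post);

$row = $db->query('SELECT FirstName, LastName, Age FROM Persons')->fetch(PDO::FETCH_ASSOC);
printf("row %d: %s %s, %d\n", $id, $row['FirstName'], $row['LastName'], $row['Age']);
```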

added 44 characters in body
Georg Plaz
replaced http://stackoverflow.com/ with https://stackoverflow.com/
URL Rewriter Bot
insert duplicate link
Post Closed as "exact duplicate" by Quentin, Your Common Sense, Maxim Krizhanovsky, Marcus Adams, Graviton
added 676 characters in body
Miles P
Miles P