Therefore to avoid SQL injection, I started using PHP PDO functions to connect to my MySQL database. decided. However, when a user enters a quotation, what is possible to avoid putting \ tab on the table?
This is my code:
$ insert = $ conn-> gt; ('Name, author, category, description, number, figures, public, value, trial, name,' $ userId ',' $ category ',:' desc, '0', '$' viewer ',' date $ ' , 'Web', '0') "); $ Insert- & gt; Binamaram (': testName', $ testName, PDO :: param_ast); $ Insert- & gt; Bindamaram (': desc', $ desc, PDO :: PARAM_STR); $ Insert- & gt; Executed (); Note testName, it is a user input whenever I put a quotation mark, I do not want to be placed on the database. help please.
It seems that you have started, so slashes can be added. Magic quotes is a broken security concept and it has been disliked as PHP 5.3, so close the magic quotes for the future-proof code.
No comments:
Post a Comment