I started a blog. It's about business interview questions. I will look for the answer to another question. The question is:
"What are the methods of protection from SQL injection in PHP?"
First of all, NEVER TRUST THE USER! SQL injection is a technique in which a user takes control of a database query by writing SQL into the input fields. A simple example follows.
$name = $_GET['username'];
$query = "SELECT password FROM tbl_user WHERE name = '$name' ";
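If the user enters "admin' OR 1=1 -- " into the username input, the quote closes the string literal, OR 1=1 makes the condition true, and -- comments out the rest of the query, so the user can see the password field.
$name = "admin' OR 1=1 -- ";
$query = "SELECT password FROM tbl_user WHERE name = '$name' ";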
It is as simple as shown above. So, how do I protect against this mistake?
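One standard defense is a prepared statement with a bound parameter. The following is an added example, not code from the original post: it runs the post's query both ways against an in-memory SQLite database through PDO. The function names, the sample rows and the use of the pdo_sqlite extension are assumptions made for the illustration.

```php
<?php
// Added example. Assumes PHP with the pdo_sqlite extension enabled.
// The two rows below are constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE tbl_user (name TEXT, password TEXT)");
$pdo->exec("INSERT INTO tbl_user VALUES ('admin', 'hash-a'), ('alice', 'hash-b')");

// Vulnerable: the input is concatenated into the SQL text (the pattern from the post),
// so quotes and comment markers in $name are parsed as part of the query.
function lookupConcatenated(PDO $pdo, string $name): array
{
    $query = "SELECT password FROM tbl_user WHERE name = '$name' ";
    return $pdo->query($query)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened: the SQL text is fixed and the input is bound as a value.
// The database compares the whole string to the name column and never parses it as SQL.
function lookupPrepared(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare("SELECT password FROM tbl_user WHERE name = :name");
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$input = "admin' OR 1=1 -- "; // the input from the post

// Same input, both code paths: compare how many rows each one returns.
printf("concatenated, post input: %d row(s)\n", count(lookupConcatenated($pdo, $input)));
printf("prepared, post input:     %d row(s)\n", count(lookupPrepared($pdo, $input)));

// A legitimate lookup still works through the prepared statement.
printf("prepared, name 'admin':   %d row(s)\n", count(lookupPrepared($pdo, 'admin')));
```

With the concatenated query, the post's input matches every row in the table; with the prepared statement, it matches only a user whose name is literally that string.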
Aug 10, 2017