Olgun DUTKAN

Senior Developer

How I became an engineer by going to a business interview #episode2

I started to blog. It's about business interview questions. I will look for the answer to another question. That question is:

"What are the methods of protection from SQL injection in PHP?"

First of all, NEVER TRUST THE USER! SQL injection is a technique in which a user takes control of a database query by writing SQL into the input fields. A simple example follows.

$name = $_GET['username'];
$query = "SELECT password FROM tbl_user WHERE name = '$name' ";

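If the user enters "admin' OR 1=1 -- " into the username input, the user can see the password field. The single quote closes the string literal, OR 1=1 makes the WHERE condition true for every row, and -- turns the rest of the statement into a comment.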

$name = "admin' OR 1=1 -- ";
$query = "SELECT password FROM tbl_user WHERE name = '$name' ";

It is as simple as shown above. Well, how do I protect against this mistake?
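One widely used protection is a prepared statement with a bound parameter. The following is an added example, not code from the original post: it runs the post's query both ways against an in-memory SQLite database. It assumes the pdo_sqlite extension; the function names, the table columns and the sample rows are constructed for the demonstration.

```php
<?php
// Added example, not from the original post. Assumes pdo_sqlite is enabled.
// Table layout and rows are constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE tbl_user (name TEXT PRIMARY KEY, password TEXT)");
$pdo->exec("INSERT INTO tbl_user VALUES ('admin', 'sample-hash-1')");
$pdo->exec("INSERT INTO tbl_user VALUES ('alice', 'sample-hash-2')");

// Vulnerable form from the post: the input becomes part of the SQL text,
// so a quote in $name changes the structure of the statement.
function lookupConcatenated(PDO $pdo, string $name): array
{
    $query = "SELECT password FROM tbl_user WHERE name = '$name' ";
    return $pdo->query($query)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened form: the SQL text is fixed and the input is bound as a value,
// so it is only ever compared against the name column.
function lookupPrepared(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare("SELECT password FROM tbl_user WHERE name = :name");
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// The input shown in the post, plus an ordinary user name for comparison.
$inputs = ["admin' OR 1=1 -- ", "admin"];

foreach ($inputs as $name) {
    printf(
        "input %-22s concatenated: %d row(s), prepared: %d row(s)\n",
        json_encode($name),
        count(lookupConcatenated($pdo, $name)),
        count(lookupPrepared($pdo, $name))
    );
}
```

With the input from the post, the concatenated query matches every row in tbl_user, while the prepared query matches none, because no user has that literal string as a name.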

Aug 10, 2017