0
Best way to avoid SQL injection on php ?
Hello im a starter of php, i would like to create a social media but i would like to know what the best builtin function for avoir sql injection thx
3 Respostas
+ 2
use htmlspecialchar in your html form tag
+ 2
Validations on every form you use. If you validate every form to avoid special characters and reserved words you should not face issues with that as far as I understand.
+ 1
Use htmlspecialchar when receiving values that could be manipulated by the user or where a value can be mocked from an individual request (such as from a request made via postman or curl).
Also make sure you use parameterized queries for touching the database so that you don’t directly input what was provided from the user.
If you know anything about different programming paradigms, it would be best to use a class with parameterized methods (in the case of OOP) or maybe a pure function that handles the query after filtering the input (if using functional program for example).
Consider using a library to prevent rolling your own solution if you’re not confident and make sure to learn as much as you can about handling user input.
Best of luck.