0

Insert unsafe string to database

Hello, I have to insert to my db table some unsafe data that can have query(SQL injection) inside. Is there a secure way to insert this data? I am using pdo but I have only access to query() method.

phpmysqlpdo
14th Jun 2017, 10:18 PM
Mateusz Nowak
Mateusz Nowak - avatar
2 Respostas
+ 2
You can use prepared statement: $connection = new PDO("mysql:host=localhost;dbname=database", $username, $password); $sql = "SELECT * FROM table WHERE search = :search"; $statement = $connection->prepare($sql); $statement->bindParam(":search", $_GET["search"]); $statement->execute(); // Other codes http://php.net/manual/en/pdo.prepared-statements.php
18th Jul 2017, 6:33 PM
$machitgarha
$machitgarha - avatar
0
in java there is a PreparedStatement object that I use for mySql insertions and updates and those thing (use ResultSet for queries) not sure about php tho. im sure there are functions :/
18th Jun 2017, 6:27 AM
Michael Szczepanski
Michael Szczepanski - avatar

Costuma ter perguntas como essa?

Aprenda de maneira mais eficiente, de graça:

Ver todos os cursos
Quente hoje
Sticky position
3 Votes
Help please?
3 Votes
Hi Friends , how to compile a java code on android.
3 Votes
How to get better with problem-solving and programming
1 Votes
Ejercicio Pytho
0 Votes
Online voting system
2 Votes
What is that z for
0 Votes
Suggestions needed
4 Votes
Bug on "Java for Beginners Module 3 Quiz"
1 Votes
Odd even threads without condition variable
0 Votes