Sun. Jan 19th, 2020

Host your Website

Read and learn

39: Protect your database against SQL injection using MySQLi | PHP tutorial | Learn PHP programming




Today we will learn how to protect our database against SQL injection using MySQLi. The MySQLi function is called mysqli_real_escape_string(); it escapes any form text that the user submits from the website, in case they try to inject code into our database.

In the next episode we will learn how to interact with our database using Prepared Statements, which are a preferred method of interacting with databases, since they are safer and in some cases faster.
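As an added example (not the tutorial's own code): mysqli_real_escape_string() only protects a value that ends up inside a quoted string literal, so the script below pairs it with integer validation for numeric fields. The connection settings, the `users` table and its columns, and the helper names `esc()` and `int_field()` are assumptions, and all input values are constructed.

```php
<?php
// Added example, not the tutorial's own code. The connection settings and the
// users table layout are assumptions; the sample input below is constructed.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$conn = mysqli_connect('localhost', 'root', '', 'test'); // assumed local defaults
mysqli_set_charset($conn, 'utf8mb4'); // escaping follows the connection charset

// Temporary table so the script leaves nothing behind.
mysqli_query($conn, "CREATE TEMPORARY TABLE users (
    user_id INT AUTO_INCREMENT PRIMARY KEY,
    user_last VARCHAR(64), user_uid VARCHAR(64))");

// Escape one form field for use INSIDE a quoted SQL string literal.
// A missing field becomes '' instead of raising an "Undefined index" notice.
function esc(mysqli $conn, array $form, string $key): string {
    $value = isset($form[$key]) && is_string($form[$key]) ? $form[$key] : '';
    return mysqli_real_escape_string($conn, $value);
}

// Numeric input: escaping does not help outside quotes, so validate instead.
function int_field(array $form, string $key): ?int {
    $n = filter_var($form[$key] ?? null, FILTER_VALIDATE_INT);
    return $n === false ? null : $n;
}

// Constructed signup input standing in for $_POST.
$signup = ['last' => "O'Brien", 'uid' => 'conan'];
$last = esc($conn, $signup, 'last');
$uid  = esc($conn, $signup, 'uid');
mysqli_query($conn, "INSERT INTO users (user_last, user_uid) VALUES ('$last', '$uid')");

// Constructed login input: the quote-based string quoted in the comments.
$login = ['uid' => "'OR''='", 'userid' => '42abc'];
$uid = esc($conn, $login, 'uid');
$result = mysqli_query($conn, "SELECT user_id FROM users WHERE user_uid = '$uid'");
echo "rows matched by escaped uid: " . mysqli_num_rows($result) . PHP_EOL;

// The id is only placed in the query after it has been proven to be an integer.
$userid = int_field($login, 'userid');
if ($userid === null) {
    echo "userid rejected: not an integer" . PHP_EOL;
} else {
    $result = mysqli_query($conn, "SELECT user_uid FROM users WHERE user_id = $userid");
    echo "rows matched by id: " . mysqli_num_rows($result) . PHP_EOL;
}
```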

➤ GET ACCESS TO MY LESSON MATERIAL HERE!

First of all, thank you for all the support you have given me!

I am really glad to have such an awesome community on my channel. It motivates me to continue creating and uploading content! So thank you!

I am now using Patreon to share improved and updated lesson material, and for a small fee you can access all the material. I have worked hard, and done my best to help you understand what I teach.

I hope you will find it helpful 🙂

Material for this lesson: https://www.patreon.com/posts/php-39-download-15654426

35 thoughts on “39: Protect your database against SQL injection using MySQLi | PHP tutorial | Learn PHP programming”

  1. Is it necessary to use mysqli_real_escape_string with numbers? I mean, if I'm getting a user id in a $_POST variable, should I write $userid = mysqli_real_escape_string($con,$_POST["userid"]);?

  2. Actually you are the best, GO ON
    I got this problem. Any suggestions?
    In browser: http://localhost:81/connectToDatabase/includes/signup.inc.php
    Notice: Undefined index: first in C:\xampp\htdocs\connectToDatabase\includes\signup.inc.php on line 4

    Notice: Undefined index: last in C:\xampp\htdocs\connectToDatabase\includes\signup.inc.php on line 5

    Notice: Undefined index: uid in C:\xampp\htdocs\connectToDatabase\includes\signup.inc.php on line 6

    Notice: Undefined index: email in C:\xampp\htdocs\connectToDatabase\includes\signup.inc.php on line 7

    Notice: Undefined index: pwd in C:\xampp\htdocs\connectToDatabase\includes\signup.inc.php on line 8

  3. Is it necessary to have two "$conn" ??

    I mean we put "$conn" in each variable to keep it connected to the server
    while we have already put it below in "mysqli_query($conn, $sql)"

    Does it function the same thing while only keep either one ??

    Please let me know if above is not clear.

  4. Hahahahaha I was able to log into my server using 'OR''=' as the username and password. After watching this video, that doesn't work anymore : P (noob coder here). Still paranoid my friends are out to get me by sql injection : O

  5. wait, so do we use both the 'real_escape_string' method and the prepared statements method, or just one of them (of which 'prepared statements' is more robust against hacker injection)?
