Search
 
SCRIPT & CODE EXAMPLE
 
CODE EXAMPLE FOR PHP

Securing form from possible sql injection

//Using PDOStatement to protect db from sql injection
// text is the form field you are trying to protect
//We are using  $sql here as the object and joke_table is the
// name of the database table we will insert our jokes in.
//Text in here represents the database column that our users  
//input will be inserted in.

if (isset($_POST['text'])) {
   try {
        $pdo= new PDO('mysql:host=localhost;dbname=omo; chaerset=utf8','username','passwrd');
        $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $sql = 'INSERT INTO `joke_table` SET   
        `text` = :text, 
        `date` = CURDATE()'; 
        $stmt = $pdo->prepare($sql); 
        $stmt->bindValue(':text', $_POST['text']); 
        $stmt->execute(); 
        header('location: thank.php'); 
      } catch (PDOException $e) {
            echo 'error in connecting to the database'.$e->getMessage().'in'.$e->getFile().':'. $e->getLine(). $e->getCode();
         
    } 
    } else {
    // use any logic that you would like to happen here

    }
 
PREVIOUS NEXT
Tagged: #Securing #form #sql #injection
ADD COMMENT
Topic
Name
7+8 =