Rollback to Revision 2
Your Common Sense

Use PDO and prepared queries.

($conn is a PDO object)

$stmt = $conn->prepare("INSERT INTO tbl VALUES(:id, :name)"); // the SQL text holds placeholders only
$stmt->bindValue(':id', $id);     // values are bound separately, never spliced into the SQL string
$stmt->bindValue(':name', $name);
$stmt->execute();
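As an added example that is not part of the original answer or any of its revisions, the same prepared-statement pattern run end to end against an in-memory SQLite database (an assumption made here for self-containment; the answer's $conn could be any PDO driver). The table tbl, the helper function names and the sample inputs are constructed for this demonstration, and one input deliberately contains an apostrophe, a closing parenthesis and a comment marker so that the round trip shows the value being stored verbatim:

```php
<?php
declare(strict_types=1);

// Added example, not code from the original answer. Assumes an SQLite
// in-memory database; table "tbl", helper names and inputs are constructed.

function makeConnection(): PDO
{
    $conn = new PDO('sqlite::memory:');
    // Raise exceptions on driver errors instead of returning false silently.
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Ask for native prepared statements so bound values travel separately
    // from the SQL text. SQLite never emulates, so this is a no-op here, but
    // it matters for drivers such as pdo_mysql.
    $conn->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    $conn->exec('CREATE TABLE tbl (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
    return $conn;
}

function insertRow(PDO $conn, int $id, string $name): void
{
    // The SQL text holds only placeholders; values are bound afterwards with
    // explicit types, so they cannot change the statement's structure.
    $stmt = $conn->prepare('INSERT INTO tbl VALUES(:id, :name)');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->execute();
}

function fetchName(PDO $conn, int $id): ?string
{
    $stmt = $conn->prepare('SELECT name FROM tbl WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $name = $stmt->fetchColumn();
    return $name === false ? null : (string) $name;
}

function rowCount(PDO $conn): int
{
    return (int) $conn->query('SELECT COUNT(*) FROM tbl')->fetchColumn();
}

function check(bool $condition, string $message): void
{
    if (!$condition) {
        throw new RuntimeException('check failed: ' . $message);
    }
}

$conn = makeConnection();

// Constructed inputs: a plain name and one containing characters that would
// break a query assembled by string concatenation.
$inputs = [
    1 => 'Alice',
    2 => "O'Brien'); --",
];
foreach ($inputs as $id => $name) {
    insertRow($conn, $id, $name);
}

// Both values were stored exactly as given and treated purely as data.
check(fetchName($conn, 1) === 'Alice', 'plain name stored verbatim');
check(fetchName($conn, 2) === "O'Brien'); --", 'awkward name stored verbatim');
check(rowCount($conn) === 2, 'exactly two rows, nothing else ran');
check(fetchName($conn, 3) === null, 'missing id yields null');

echo 'stored rows: ' . rowCount($conn) . PHP_EOL;
```

Run it with `php example.php`; it prints `stored rows: 2` and throws if any check fails. The binding step is what keeps the second value from altering the statement: PDO hands the SQL text and the values to the driver separately, so the apostrophe and comment marker are just bytes in a column. Typed bindValue() calls and the int/string parameter declarations on insertRow() additionally reject wrongly typed input before any SQL is sent.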
added more content about sanitization of characters
Chetan Soni

Use PDO and prepared queries.

($conn is a PDO object)

$stmt = $conn->prepare("INSERT INTO tbl VALUES(:id, :name)");
$stmt->bindValue(':id', $id);
$stmt->bindValue(':name', $name);
$stmt->execute();

Along with PDO and prepared queries, make sure that all input variables are sanitized properly with trim() and strip_tags() as mentioned here.

Post Made Community Wiki by animuson
formatting
casillas

Use PDO and prepared queries.

($conn is a PDO object)

$stmt = $conn->prepare("INSERT INTO tbl VALUES(:id, :name)");
$stmt->bindValue(':id', $id);
$stmt->bindValue(':name', $name);
$stmt->execute();

Imran