DEV Community

amirhossein
SQL Injection!!!

Hi guys. How do you protect yourself from SQL injection?
Especially inputs???
I know I can google it, but I think experiences are more useful.

David Möller

Prepared statements have pretty much solved this problem

amirhossein

Preparing and then binding parameters? Yes, and you can also use the addslashes method in PHP; it puts a backslash before characters, and this protects you from SQL injection ...

Vlastimil Pospichal • Edited

addslashes doesn't prevent SQL injection.

php.net/manual/en/function.addslas...
The addslashes() is sometimes incorrectly used to try to prevent SQL Injection. Instead, database-specific escaping functions and/or prepared statements should be used.
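
An added example, not part of the thread or written by any of its participants: the same lookup built with `addslashes()` and with a PDO prepared statement, run against an in-memory SQLite database. The `users` table, the sample names and both function names are constructed for illustration, and the PDO SQLite driver is assumed to be installed.

```php
<?php
// Constructed sample data: an in-memory SQLite database with two users.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users (name) VALUES ('alice'), ('O''Brien')");

// Weak: the SQL text is assembled by hand and relies on addslashes().
function findByNameEscaped(PDO $pdo, string $name): string
{
    $sql = "SELECT id FROM users WHERE name = '" . addslashes($name) . "'";
    try {
        $rows = $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
        return 'rows: ' . count($rows);
    } catch (PDOException $e) {
        // SQLite follows standard SQL: a backslash is an ordinary character
        // and a quote is escaped by doubling it. The quote in the input
        // therefore still closed the string literal, and the rest of the
        // value was parsed as SQL.
        return 'query broken';
    }
}

// Hardened: the statement is prepared once with a placeholder; the value
// is bound as data and never passes through the SQL parser.
function findByNamePrepared(PDO $pdo, string $name): string
{
    $stmt = $pdo->prepare('SELECT id FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return 'rows: ' . count($stmt->fetchAll(PDO::FETCH_COLUMN));
}

// An ordinary name containing a quote is enough to show the difference.
foreach (['alice', "O'Brien"] as $name) {
    printf(
        "%-8s escaped => %-13s prepared => %s\n",
        $name,
        findByNameEscaped($pdo, $name),
        findByNamePrepared($pdo, $name)
    );
}
```

Any input whose quote survives escaping like this is being parsed as SQL rather than treated as a value, which is why the manual points to database-specific escaping or prepared statements instead.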

Zohar Peled