Mysql PDO standard insert (persist) of data to a table with placeholders to protect from MySQL injection attacks

This is a much more secure way to insert records and prevent MySQL injection. This assumes that $this-conn is your MySQLi PDO database connection object that you’ve already initialized:

<?php
public function insert_referred($id,$name,$email)
{
if ($email==”) {return false;}
$new_date = date(“m-d-Y”);
$name=addslashes($name);
$email=addslashes($email);
$sql = “INSERT INTO referred (id, name, email,date)
VALUES (?,?,?,?)”;
$stmt = $this->conn->prepare($sql);
if( $stmt->bind_param(‘isss’,$id,$name,$email,$new_date) ){
$stmt->execute();
$stmt->close();
return true;
}
else {
echo 'Entry Failed, please try again later.';
return false;
}
}

<?php

public function insert_referred($id,$name,$email)

{

if ($email==”) {return false;}

$new_date = date(“m-d-Y”);

$name=addslashes($name);

$email=addslashes($email);

$sql = “INSERT INTO referred (id, name, email,date)

VALUES (?,?,?,?)”;

$stmt = $this->conn->prepare($sql);

if( $stmt->bind_param(‘isss’,$id,$name,$email,$new_date) ){

$stmt->execute();

$stmt->close();

return true;

}

else {

echo 'Entry Failed, please try again later.';

return false;

}

Please note that a lot of the PHP snippets on this site assume you have some level of PHP experience. I use this site as a repository of many frequent code snippets and things I find I look up a lot as a central way to reference materials. Feel free to use and share as you see fit!

– Aaron Belchamber

Mysql PDO standard insert (persist) of data to a table with placeholders to protect from MySQL injection attacks

Like this:

Related

Aaron Belchamber has written 243 articles

Leave a Reply

Share this:

Like this:

Related

Aaron Belchamber has written 243 articles

Leave a Reply