what is the best way to secure queries from a database?

Question

I heard that mysql query variables or queries are being depreciated and it's not advisable to use them any more, well I'm trying to update my simple website and I want to add some security features for my forms and my database, I have this query below

mysql_query("UPDATE users SET first_name='$name', last_name='$name2', username='$username' , phone_number='$phone', email='$email', user_level='$user_level', type='$type' WHERE id='$id'")
 or die(mysql_error());

or

$row = mysql_fetch_array($result);

What's the best way I can write a query without being attacked?

If you really want security, move away from `mysql_*` functions .. — UltraInstinct, Apr 28 '13 at 15:53
"mysql queries" are NOT being deprecated. the `mysql_*()` functions ARE deprecated. — Marc B, Apr 28 '13 at 15:53
Use [mysqli](http://php.net/manual/en/book.mysqli.php) instead of mysql. mysql functions are deprecated. — zurfyx, Apr 28 '13 at 15:57
@Thrustmaster: Security is not about using MySQLi or PDO, but about using parameterized queries: it's very easy to write unsafe code with both of them. — Marcel Korpel, Apr 28 '13 at 15:57

score 1 · Accepted Answer · edited May 23 '17 at 12:18

1

Please, don't use mysql_* functions in new code. They are no longer maintained and are officially deprecated. See the red box? Learn about prepared statements instead, and use PDO or MySQLi - this article will help you decide which. If you choose PDO, here is a good tutorial.

edited May 23 '17 at 12:18

Community

1
1

answered Apr 28 '13 at 15:54

rekire

47,260
30
167
264

what is the best way to secure queries from a database?

1 Answers1