
I am new to PHP and stuff like that. But I decided to create my very simple insert page with PDO, so is PDO secure enough against SQL injection attacks?

Here is my code:

<?php
//Database settings
$host = 'localhost';
$dbname= 'akar';
$user = 'akar';
$pass = 'raparen';

//Setting up the PDO. The charset in the DSN tells the driver which encoding
//to use when it binds or escapes values, so it should match the tables.
$dsn = "mysql:host=$host;dbname=$dbname;charset=utf8mb4";
$pdo = new PDO($dsn, $user, $pass);
//Raise exceptions on errors instead of failing silently
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

//Check if user entered something, otherwise set the username variable string to nothing.
$username = isset($_POST['username']) ? $_POST['username'] : '';
$password = isset($_POST['password']) ? $_POST['password'] : '';

//Inserting the values to the database using named placeholders.
//The values are sent separately from the SQL text, so they are never parsed as SQL.
$query = "INSERT INTO users (username,password) VALUES(:username,:password)";
$statement = $pdo->prepare($query);
$statement->execute(array(
    ':username'=> $username,
    ':password'=> $password
));

?>

My form:

<form method='post'>
<input type='text' placeholder='Enter Username here!' name='username' />
<input type='password' placeholder='Enter Password here!' name='password' />
<input type='submit' value='Submit' />
</form>

1 Answer


In your case, that code is fine. It prevents any first-order injection.

There is a really good discussion on this subject in the following question:

Are PDO prepared statements sufficient to prevent SQL injection?

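The answer's distinction between the question's placeholder-based INSERT and a "first-order" injection is easier to see side by side. The following is an added example, not code from the question or the answer: it uses Python's sqlite3 module as a stand-in for PHP's PDO against MySQL, and the table layout, user records and payload strings are all constructed for the demo. It shows the same query written with string interpolation and with bound parameters, and then a second-order case, where a value stored safely (exactly as the question's INSERT does) is later read back and concatenated into another query.

```python
import sqlite3

# Constructed sample data for the demo (not from the original post).
SEED_USERS = [("alice", "pw-alice"), ("bob", "pw-bob")]
SEED_POSTS = [("alice", "hello"), ("bob", "private note")]


def make_db():
    """In-memory SQLite stand-in for the MySQL database in the question."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("CREATE TABLE posts (author TEXT, body TEXT)")
    conn.executemany("INSERT INTO users (username, password) VALUES (?, ?)", SEED_USERS)
    conn.executemany("INSERT INTO posts (author, body) VALUES (?, ?)", SEED_POSTS)
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """String interpolation: the input is parsed as SQL, so a quote breaks out."""
    sql = (f"SELECT username FROM users "
           f"WHERE username = '{username}' AND password = '{password}'")
    return [row[0] for row in conn.execute(sql)]


def login_safe(conn, username, password):
    """Placeholders, like PDO's :username / :password: values are bound, not parsed."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (username, password))]


def register_safe(conn, username, password):
    """Same shape as the INSERT in the question; the input is stored literally."""
    conn.execute("INSERT INTO users (username, password) VALUES (?, ?)",
                 (username, password))
    conn.commit()


def posts_by_user_vulnerable(conn, username):
    """Second-order injection: the username was stored safely, but a later
    query concatenates the stored value back into SQL text."""
    stored = conn.execute("SELECT username FROM users WHERE username = ?",
                          (username,)).fetchone()[0]
    sql = f"SELECT body FROM posts WHERE author = '{stored}'"
    return [row[0] for row in conn.execute(sql)]


def posts_by_user_safe(conn, username):
    """Fixed: every query binds its values, including ones read back from the DB."""
    stored = conn.execute("SELECT username FROM users WHERE username = ?",
                          (username,)).fetchone()[0]
    return [row[0] for row in
            conn.execute("SELECT body FROM posts WHERE author = ?", (stored,))]


def demo():
    """Run both attacks against the vulnerable and the parameterised versions."""
    conn = make_db()
    payload = "alice' OR 'a'='a"   # closes the quote and appends an OR clause
    results = {
        "first_order_vulnerable": login_vulnerable(conn, payload, "wrong"),
        "first_order_safe": login_safe(conn, payload, "wrong"),
        "normal_login_safe": login_safe(conn, "alice", "pw-alice"),
    }
    # Second order: the hostile name goes in through placeholders (as in the
    # question's code) and only becomes a problem when it is read back unsafely.
    evil_name = "bob' OR '1'='1"
    register_safe(conn, evil_name, "x")
    results["second_order_vulnerable"] = posts_by_user_vulnerable(conn, evil_name)
    results["second_order_safe"] = posts_by_user_safe(conn, evil_name)
    return results


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

With the interpolated query the payload logs in as alice without the password, while the bound version simply finds no such user. The second half is the caveat behind the answer's "first-order" wording: the INSERT in the question cannot be injected, but it happily stores a string such as `bob' OR '1'='1`, and any later query that concatenates that stored value instead of binding it is still exploitable. Placeholders have to be used on every query, not only on the one that receives user input.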