
I have this code and it seems it's vulnerable to SQL injection. How can I secure this?

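```php
// User input taken straight from the request
$username = $_POST['username'];

// The input is interpolated directly into the SQL string
$query = mysql_query("SELECT * FROM users WHERE username='$username'") or die(mysql_error());
```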
Jay Blanchard
Mark
  • Did you google this at all? – crthompson Apr 08 '15 at 21:56
  • 1
    [Prevent SQL Injection](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). Please, [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php). They are no longer maintained and are [officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). Learn about [prepared statements](http://en.wikipedia.org/wiki/Prepared_statement) instead, and use [PDO](http://us1.php.net/pdo). – Jay Blanchard Apr 08 '15 at 21:57
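
The prepared-statement approach recommended in the comment above, applied to the query from the question. This is an added example, not part of the original thread. It assumes an in-memory SQLite database through PDO so it runs offline; the table contents, the function names `findUserUnsafe` and `findUserSafe`, and the sample input are constructed for illustration.

```php
<?php
// Constructed in-memory database so the script runs without a server.
// For MySQL only the DSN changes, e.g. 'mysql:host=...;dbname=...;charset=utf8mb4',
// and PDO::ATTR_EMULATE_PREPARES should be set to false so the server does the binding.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL)');
$pdo->exec("INSERT INTO users (username) VALUES ('alice'), ('bob')");

// Same pattern as the question: the input becomes part of the SQL text,
// so a quote character in it changes the structure of the statement.
function findUserUnsafe(PDO $pdo, string $username): array
{
    $sql = "SELECT * FROM users WHERE username='$username'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Prepared statement: the SQL text is fixed and the input travels separately
// as a bound value, so it is only ever compared against the username column.
function findUserSafe(PDO $pdo, string $username): array
{
    $stmt = $pdo->prepare('SELECT * FROM users WHERE username = :username');
    $stmt->execute([':username' => $username]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed stand-ins for $_POST['username']: one hostile, one ordinary.
$hostile  = "' OR '1'='1";
$ordinary = 'alice';

printf("concatenated, hostile input:  %d row(s)\n", count(findUserUnsafe($pdo, $hostile)));
printf("prepared, hostile input:      %d row(s)\n", count(findUserSafe($pdo, $hostile)));
printf("prepared, ordinary input:     %d row(s)\n", count(findUserSafe($pdo, $ordinary)));
```

The row counts show the difference: the concatenated query treats the input as SQL and matches every user, while the prepared statement treats it as a literal username and matches only an exact value.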

0 Answers