I am designing an iOS mobile app in Swift which uses a remote SQL database for its backend. This app has a lot of interactions with the database, so I want to ensure it is safe from SQL injection. My first idea was to check in Swift whether the text in the UITextView contains any blacklisted words; however, after reading this:
I'm not sure if blacklisting is a good idea, although I'm not sure about the degree to which these problems affect mobile apps, as this was written about websites. Another thing I read about was using parameterised queries, although I don't really understand what this means exactly, as most examples I read were designed for websites as well. The way I currently connect to my database is by sending a POST request from an NSURLSession to a PHP script on my server. This is a typical example of what I do in my PHP script:
$user_id = $_POST['user_id'];
$second_field = $_POST['second_field'];
$conn=mysqli_connect("localhost", "***", "***","***");
$result = mysqli_query($conn,"INSERT INTO my_table (user_id, second_field) VALUES ('$user_id', '$second_field')");
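The following is an added example, not part of the question above: the same INSERT rewritten with a mysqli prepared statement, placed beside the original string-concatenated form so the difference is visible. The table layout (my_table with an integer user_id and a string second_field), the credentials, the helper name `insertRecord` and the error handling are assumptions for illustration; the injection payload in the comment is constructed. The point it demonstrates is that the client (Swift app or website) is irrelevant: whatever reaches the PHP script over POST is attacker-controlled, and the fix lives in the script, where the values are sent to the server separately from the SQL text instead of being pasted into it.

```php
<?php
// Added example (not the asker's code). Assumes: table my_table(user_id INT, second_field VARCHAR),
// hypothetical credentials, and that this script is the POST target of the iOS app.
declare(strict_types=1);

/**
 * Insert one row using a parameterised query.
 * The SQL text contains only '?' placeholders; the values are bound separately
 * and are never parsed as SQL, so quotes, comment markers or keywords in them
 * are stored as data. No blacklist is needed.
 */
function insertRecord(mysqli $conn, int $userId, string $secondField): bool
{
    $stmt = mysqli_prepare(
        $conn,
        "INSERT INTO my_table (user_id, second_field) VALUES (?, ?)"
    );
    if ($stmt === false) {
        return false;
    }
    // "is": first placeholder is an integer, second is a string.
    mysqli_stmt_bind_param($stmt, "is", $userId, $secondField);
    $ok = mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
    return $ok;
}

// --- Request handling ---------------------------------------------------------

// Reject requests that do not carry both fields before touching the database.
if (!isset($_POST['user_id'], $_POST['second_field'])) {
    http_response_code(400);
    exit('Missing parameters');
}

// Validate the type of what we expect to be a number; reject anything else.
$userId = filter_var($_POST['user_id'], FILTER_VALIDATE_INT);
if ($userId === false) {
    http_response_code(400);
    exit('user_id must be an integer');
}
$secondField = (string) $_POST['second_field'];

$conn = mysqli_connect("localhost", "db_user", "db_password", "db_name"); // hypothetical
if ($conn === false) {
    http_response_code(500);
    exit('Database connection failed');
}
mysqli_set_charset($conn, "utf8mb4");

// VULNERABLE (the original pattern, kept here only for comparison, never executed):
// with second_field = "x'); DROP TABLE my_table; -- " the value becomes part of the SQL.
// $result = mysqli_query($conn,
//     "INSERT INTO my_table (user_id, second_field) VALUES ('$userId', '$secondField')");

// SAFE: the same payload is stored literally as the string "x'); DROP TABLE my_table; -- ".
if (!insertRecord($conn, $userId, $secondField)) {
    http_response_code(500);
    mysqli_close($conn);
    exit('Insert failed');
}
mysqli_close($conn);
echo 'OK';
```

Nothing changes on the Swift side: NSURLSession still POSTs the same two fields. Validation in the app (length limits, allowed characters) is still useful for user experience, but it is not a security control, because anyone can send a POST to the script without going through the app; the prepared statement in the script is what prevents injection.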