Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- How to prevent mysql injection in Php before it is submitted to the database [closed]
- $stmt = $db->prepare(
- 'UPDATE users ' .
- 'SET userEmail=:email, userSalt=:salt, userPass=:pass ' .
- 'WHERE userId=:userId LIMIT 1' );
- $stmt->bindParam( ':email', $this->_email, PDO::PARAM_STR );
- $stmt->bindParam( ':salt', $this->_salt, PDO::PARAM_STR );
- $stmt->bindParam( ':pass', $this->_password, PDO::PARAM_STR );
- $stmt->bindParam( ':userId', $this->_id, PDO::PARAM_INT );
- $stmt->execute();
- $pdo = new PDO($stuff);
- $stmt = $pdo->prepare('SELECT * FROM foo WHERE bar = :baz');
- $stmt->bindParam(':baz', $baz);
- $stmt->execute();
- <?php
- function hashPassword($str)
- {
- return hash("sha512", $str . "salt");
- //Change so it fits your database configuration.
- }
- $username = mysql_real_escape_string($_POST['username']);
- $password = hashPassword($_POST['password']);
- ?>
Add Comment
Please, Sign In to add comment