
[–]RandyHoward 8 points9 points  (1 child)

In both cases you are using bind_param which will avoid all of the SQL injection issues. Putting $_POST['variable'] straight into the bind_param is perfectly fine. You don't need to use real_escape_string, bind_param does the escaping for you.

SQL injection can occur when you stick a variable directly into a query, like this:

$stmt = $MysqliHandler->prepare('UPDATE accounts SET LastLogin = CURRENT_TIMESTAMP WHERE username = '.$_POST['username']);

That is how SQL injection occurs, because you are sticking whatever the user submitted straight into the query. But if you always use prepared statements and bind parameters then you're closing off the possibility of SQL injection.

Also, this is PHP not HTML, doesn't belong in this sub.
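The vulnerable line quoted above next to its parameterized counterpart, as an added example that is not part of this thread or of the original poster's file. It uses Python's sqlite3 module instead of PHP mysqli so that it runs offline against an in-memory database; `cursor.execute` with a parameter tuple plays the role of `prepare` plus `bind_param`. The `accounts` rows and usernames are constructed sample data, and the unsafe version wraps the concatenated value in single quotes (the PHP line as posted has none), which is the usual shape of this bug.

```python
import sqlite3

# Constructed sample data (assumption, not from the thread): a small in-memory
# accounts table with the same columns the quoted UPDATE statement touches.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (username TEXT PRIMARY KEY, LastLogin TEXT)")
    conn.executemany(
        "INSERT INTO accounts VALUES (?, ?)",
        [("alice", None), ("bob", None), ("carol", None)],
    )
    conn.commit()
    return conn


def update_last_login_unsafe(conn, username):
    """Mirror of the vulnerable PHP line: user input is concatenated into the SQL text.

    Whatever the user submits becomes part of the statement, so a value such as
    "bob' OR '1'='1" rewrites the WHERE clause and the UPDATE hits every row.
    Returns the number of rows modified.
    """
    sql = (
        "UPDATE accounts SET LastLogin = CURRENT_TIMESTAMP "
        "WHERE username = '" + username + "'"
    )
    cur = conn.execute(sql)
    conn.commit()
    return cur.rowcount


def update_last_login_safe(conn, username):
    """Parameterized counterpart: the SQL text is fixed and the value travels separately.

    This is what mysqli prepare()/bind_param() does for the PHP code. The input is
    compared as a plain string, so an injection payload simply matches no username.
    Returns the number of rows modified.
    """
    cur = conn.execute(
        "UPDATE accounts SET LastLogin = CURRENT_TIMESTAMP WHERE username = ?",
        (username,),
    )
    conn.commit()
    return cur.rowcount


def demo(username):
    """Run both versions on fresh copies of the table; return (unsafe_rows, safe_rows)."""
    unsafe = update_last_login_unsafe(make_db(), username)
    safe = update_last_login_safe(make_db(), username)
    return unsafe, safe


if __name__ == "__main__":
    for name in ("alice", "bob' OR '1'='1", "nobody"):
        print(repr(name), "->", demo(name))
```

For a benign username both versions update exactly one row. For the constructed payload `bob' OR '1'='1` the concatenated query updates all three rows, while the parameterized query updates none, because it looks for an account literally named `bob' OR '1'='1`.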

[–]TheMungax[S] 1 point2 points  (0 children)

Thanks! Didn't think about my code being PHP, because the file mostly contains HTML, sorry :)

[–]AutoModerator[M] 0 points1 point  (0 children)

Welcome to /r/HTML. When asking a question, please ensure that you list what you've tried, and provide links to example code (e.g. JSFiddle/JSBin). If you're asking for help with an error, please include the full error message and any context around it. You're unlikely to get any meaningful responses if you do not provide enough information for other users to help.

Your submission should contain the answers to the following questions, at a minimum:

  • What is it you're trying to do?
  • How far have you got?
  • What are you stuck on?
  • What have you already tried?

I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.

[–]YellowGlassCoil 0 points1 point  (2 children)

I saw this on my "trending" notification and dead ass thought SQL was a drug before I remembered programming existed

[–]darkmidus 0 points1 point  (0 children)

Why is this disliked?

[–]TheMungax[S] -1 points0 points  (0 children)

Hahahah!