From the course: PHP for Web Designers
Embedding a variable in a query securely - PHP Tutorial
Embedding a variable in a query securely
To display the selected product's details in this page, you need to extract the value of the ID from the query string at the end of the URL, and then use it in the database query to get the appropriate database record. Extracting the value from the query string is easy. It's in the `$_GET` array, one of PHP's superglobal arrays, which was discussed in the previous chapter. But you can't put the value directly in a database query, at least not without running the risk of a malicious attack known as SQL injection. The URL can be easily altered, injecting code into the query that could expose sensitive information or even destroy all your data. So you need to take precautions. There are several approaches you can take; the one we are going to use is called real escape string.

So, let's get to work in our editing program and scroll right to the top of mixed.php and copy the whole of that PHP code block above the doc type. Then you need to open details.php, which is in the Mixed folder, and…
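The approach described above, sketched as an added example (this is not the course's exercise code): it assumes placeholder connection credentials and a hypothetical `products` table with `id` and `name` columns. It also validates the ID as an integer, because escaping only protects a value that sits inside quotes in the query.

```php
<?php
// Added example. The credentials, table name and column names are assumptions.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Return the product row selected by the "id" query-string value,
 * or null when the value is missing, malformed, or matches no record.
 */
function find_product(mysqli $conn, array $get): ?array
{
    // Accept only a positive whole number; anything else never reaches the query.
    $id = filter_var(
        $get['id'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($id === false) {
        return null;
    }

    // Escape using the connection's character set, then keep the value quoted.
    // real_escape_string() neutralises characters that could end a quoted
    // string; it does nothing useful for a value placed outside quotes.
    $safe = $conn->real_escape_string((string) $id);
    $sql  = "SELECT * FROM products WHERE id = '$safe'";

    $result = $conn->query($sql);
    $row    = $result->fetch_assoc();
    $result->free();

    return $row ?: null;
}

// Placeholder connection details; replace with your own.
$conn = new mysqli('localhost', 'db_user', 'db_password', 'db_name');
// Set the charset before escaping so the escaping rules match the connection.
$conn->set_charset('utf8mb4');

$product = find_product($conn, $_GET);
if ($product === null) {
    http_response_code(404);
    exit('Product not found.');
}

// Encode on output as well: database content is not trusted HTML.
echo htmlspecialchars((string) $product['name'], ENT_QUOTES, 'UTF-8');
```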