Learn how to use OOP to sanitize the values before submission to the database to protect against SQL injection attacks.
- [Instructor] Eagle-eyed observers may have noticed that we have a problem inside our project. That is, that we've not been sanitizing the data before we submit it to the database and our SQLSTATE. That's an important step. Let's say, for example, that I had an insert statement that looked something like this. I've got values for brand, model, and year that are Faker, Mike's Bike, and 2017. There's a problem with that second value, Mike's Bike. Notice that Mike's Bike is being delimited on either end by single quotes, but it also contains a single quote inside of it.
SQL is going to think that the value that's being submitted is everything from the first single quote up until the single quote that's between the e and the s. Instead, we need to escape that value, so that SQL will know that it's not a meaningful character, that it's not a delimiter, that it's actually part of the text. We do that by putting a backslash in front of it. That escapes the single quote and renders it harmless. Now, this is just a simple example,…
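As an added example that is not part of the course's own code: the malformed insert from the transcript beside a parameter-bound version, run from Python against an in-memory SQLite database instead of the course's PHP and MySQL. SQLite escapes an embedded quote by doubling it rather than with MySQL's backslash, so the hardened version uses parameter binding, which makes hand escaping unnecessary in either database; the `bicycles` table and its column names are assumptions.

```python
import sqlite3

# Constructed sample row matching the transcript: the model value contains a single quote.
SAMPLE_ROW = ("Faker", "Mike's Bike", 2017)


def make_db():
    """In-memory SQLite database with an assumed 'bicycles' table (names are assumptions)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE bicycles (brand TEXT, model TEXT, year INTEGER)")
    return conn


def insert_unsafe(conn, brand, model, year):
    """The pattern the transcript warns about: values pasted straight into the SQL text.

    The quote in "Mike's Bike" ends the string literal early, so the statement is
    malformed and the engine rejects it. Returns True on success, False on SQL error.
    """
    sql = (
        "INSERT INTO bicycles (brand, model, year) "
        f"VALUES ('{brand}', '{model}', {year})"
    )
    try:
        conn.execute(sql)
        conn.commit()
        return True
    except sqlite3.Error:
        return False


def insert_safe(conn, brand, model, year):
    """Parameter binding: the driver sends the values separately from the SQL text,
    so the embedded quote is stored as data and never acts as a delimiter."""
    conn.execute(
        "INSERT INTO bicycles (brand, model, year) VALUES (?, ?, ?)",
        (brand, model, year),
    )
    conn.commit()
    return True


def stored_models(conn):
    """Model values currently in the table, in insertion order."""
    return [row[0] for row in conn.execute("SELECT model FROM bicycles ORDER BY rowid")]


if __name__ == "__main__":
    db = make_db()
    print("unsafe insert accepted:", insert_unsafe(db, *SAMPLE_ROW))  # False
    print("safe insert accepted:  ", insert_safe(db, *SAMPLE_ROW))    # True
    print("stored:", stored_models(db))  # ["Mike's Bike"]
```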
Note: This is an intermediate-level training course that assumes you have existing knowledge of PHP. To refresh your skills, check out PHP Essential Training and PHP: Object-Oriented Programming.
- Creating a project database and tables
- Connecting to the database
- Database queries with OOP
- The active record design pattern
- Defining a database-driven class
- Performing common database tasks with OOP
- Creating inheritable and reusable code
- Object-oriented user authentication
- Object-oriented pagination
Skill Level: Intermediate
1. Overview and Project Setup
2. The Database Connection
3. Define a Database-Driven Class
4. Object-Oriented CRUD
5. Object-Oriented Authentication
6. Object-Oriented Pagination