PHP 7 Script to Insert Data to MySQL Database Using Prepared Statements and Preventing SQL Injection Full Project For Beginners

  • Post author:
  • Post category:PHP
  • Post comments:0 Comments

 

Welcome folks today in this blog post we will be inserting data to mysql database using prepared statements and preventing sql injection in browser using php 7.All the full source code of the application is given below.

 

 

 

Get Started

 

 

 

In order to get started you need to make an index.php file and copy paste the following code

 

 

index.php

 

 

<?php
$host = "localhost";
$user = "root";
$password = "";
$db = "ico";
$conn = mysqli_connect($host, $user, $password, $db);

if (isset($_POST['submit'])) {
$username = $_POST[ 'username' ];
$password = $_POST[ 'password' ];
$query = "SELECT * FROM users WHERE username=? AND pw=?";
$runquery = mysqli_prepare($conn, $query);

$runquery->bind_param( 'ss', $username, $password);
$runquery->execute();

if ( mysqli_num_rows( $runquery ) > 0 ) {
  echo "Successfully logged in";
}
else {echo "Log in failed!";}
}
?>

<form method="post" action="test2.php">
  <input type="text" name="username"><br/>
  <input type="password" name="password"><br/>
  <input type="submit" name="submit" value="Login">
</form>

Leave a Reply