PHP 7 Script to Insert Data to MySQL Database Using Prepared Statements and Preventing SQL Injection Full Project For Beginners

  • Post author:
  • Post category:PHP
  • Post comments:0 Comments


Welcome folks today in this blog post we will be inserting data to mysql database using prepared statements and preventing sql injection in browser using php 7.All the full source code of the application is given below.




Get Started




In order to get started you need to make an index.php file and copy paste the following code






$host = "localhost";
$user = "root";
$password = "";
$db = "ico";
$conn = mysqli_connect($host, $user, $password, $db);

if (isset($_POST['submit'])) {
$username = $_POST[ 'username' ];
$password = $_POST[ 'password' ];
$query = "SELECT * FROM users WHERE username=? AND pw=?";
$runquery = mysqli_prepare($conn, $query);

$runquery->bind_param( 'ss', $username, $password);

if ( mysqli_num_rows( $runquery ) > 0 ) {
  echo "Successfully logged in";
else {echo "Log in failed!";}

<form method="post" action="test2.php">
  <input type="text" name="username"><br/>
  <input type="password" name="password"><br/>
  <input type="submit" name="submit" value="Login">

Leave a Reply