CLOSING THE SQL INJECTION HOLE WITH PHP PDO


Prepare Method

I replaced the mysql_query call that ran the login check with a PDO prepared statement. Instead of typing the data from the login form directly into the query, I wrote named parameters in its place and assigned the data to those parameters with the execute method, so that PDO runs the query safely for us.

 

PHP

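    // :username and :email both receive the login field; a named placeholder
    // cannot be repeated when PDO uses native (non-emulated) prepares.
    $query = $db->prepare("SELECT * FROM users WHERE (username=:username OR email=:email) AND (password=:password)");
    $query->execute([
        ':username' => $username,
        ':email'    => $username,
        ':password' => $password
    ]);

    if ($query->rowCount() > 0) {
        // A row came back, so the login succeeded. Nothing is echoed here,
        // because output sent before header() would block the redirect.
        $username = $query->fetch(PDO::FETCH_OBJ)->username;
        // Store the username in the session and redirect to the homepage.
        $_SESSION['user'] = $username;
        header('Location: index.php');
        exit;
    }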


