CLOSING THE PHP PDO SQL INJECTION VULNERABILITY

The prepare Method

On the login page, I replaced the mysql_query function that I used for the query checking the e-mail and password with the prepare method of the PDO class. Instead of writing the data from the login form directly into the query, I wrote named parameters and assigned my data to those parameters with the execute method, so that PDO can run the query safely for us.

 

PHP

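$query = $db->prepare("SELECT * FROM users WHERE (username = :username OR email = :email) AND (password = :password)");
// Each placeholder has its own name: with native (non-emulated) prepares
// the same named parameter cannot be used twice in one statement.
$query->execute([
    ':username' => $username,
    ':email'    => $username,
    ':password' => $password
]);

// fetch() returns false when no row matched
$user = $query->fetch(PDO::FETCH_OBJ);
if ($user !== false) {
    // if the query returns a result, the login succeeded:
    // store the username in the session and redirect to the homepage
    // (nothing is echoed first, because output before header() stops the redirect)
    $_SESSION['user'] = $user->username;
    header('Location: index.php');
    exit;
}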
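The difference between the old concatenated query and the prepare/execute form described above, as an added example that is not part of the original post. It assumes the pdo_sqlite extension and uses a constructed in-memory users table; the function names loginConcatenated and loginPrepared are hypothetical.

```php
<?php
// Added example: constructed in-memory SQLite table standing in for the page's users table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (username TEXT, email TEXT, password TEXT)");
// Constructed sample row; the plain password column only mirrors the page's query.
$db->exec("INSERT INTO users VALUES ('ali', 'ali@example.com', 'correct-horse')");

// "Before" (hypothetical helper): form data is concatenated into the SQL text,
// so quote characters in the input become part of the statement itself.
function loginConcatenated(PDO $db, string $username, string $password): ?string
{
    $sql = "SELECT username FROM users WHERE (username='$username' OR email='$username') "
         . "AND (password='$password')";
    $row = $db->query($sql)->fetch(PDO::FETCH_OBJ);
    return $row ? $row->username : null;
}

// "After" (hypothetical helper): the SQL text is fixed at prepare() time and
// execute() passes the values separately, so they are only ever compared as data.
function loginPrepared(PDO $db, string $username, string $password): ?string
{
    $query = $db->prepare(
        "SELECT username FROM users WHERE (username = :username OR email = :email) "
        . "AND (password = :password)"
    );
    $query->execute([
        ':username' => $username,
        ':email'    => $username,
        ':password' => $password,
    ]);
    $row = $query->fetch(PDO::FETCH_OBJ);
    return $row ? $row->username : null;
}

// Constructed inputs: one valid login and one password value containing SQL quote syntax.
$cases = [
    'valid login'       => ['ali', 'correct-horse'],
    'quoted SQL syntax' => ['ali', "x' OR '1'='1"],
];
foreach ($cases as $label => [$u, $p]) {
    printf("%-18s concatenated=%s prepared=%s\n", $label,
        var_export(loginConcatenated($db, $u, $p), true),
        var_export(loginPrepared($db, $u, $p), true));
}
```

For the second input the concatenated query matches the row although the password is wrong, while the prepared statement compares the whole string against the password column and returns nothing.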

Cite

KARABAY A, 2021. CLOSING THE PHP PDO SQL INJECTION VULNERABILITY,

https://www.karabayyazilim.com/blog/php/php-pdo-sql-injection-acigi-kapatma-2019-02-06-070009

(Accessed February 06, 2019).

