What is the best practice for running MySQL queries in PHP? Consider the risk of SQL injection.
Answers:
• Use mysql_query() and variables: for example: $input = $_POST['user_input']; mysql_query("INSERT INTO table (column) VALUES ('" . $input . "')");
• Use PDO prepared statements and parameterized queries: for example: $input = $_POST["user-input"]; $stmt = $pdo->prepare('INSERT INTO table (column) VALUES (:input)'); $stmt->execute(array(':input' => $input));
• Use mysql_query() and string escaped variables: for example: $input = $_POST["user-input"]; $input_safe = mysql_real_escape_string($input); mysql_query("INSERT INTO table (column) VALUES ('" . $input_safe . "')");
• Use mysql_query() and variables with a blacklisting check: for example: $blacklist = array("DROP", "INSERT", "DELETE"); $input = $_POST["user-input"]; if (array_search($input, $blacklist) === false) mysql_query("INSERT INTO table (column) VALUES ('" . $input . "')");
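A fuller version of the prepared-statement option, added here as an illustration and not part of the original quiz; the DSN, credentials and the users/username names are placeholders:

```php
<?php
// Added example (not from the quiz): parameterized INSERT and SELECT with PDO.
// The DSN, credentials and the table/column names are placeholders.
$pdo = new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'user', 'secret', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION, // surface errors instead of failing silently
    PDO::ATTR_EMULATE_PREPARES => false,                  // let MySQL receive SQL and data separately
]);

$input = $_POST['user-input'] ?? '';

// The placeholder is NOT quoted: (:input), not (":input"). A quoted placeholder is
// an ordinary string literal, so nothing is bound and execute() raises an
// invalid-parameter-number error.
$stmt = $pdo->prepare('INSERT INTO users (username) VALUES (:input)');
$stmt->execute([':input' => $input]);

// The same holds for reads: the user value never becomes part of the SQL text,
// so quotes or SQL keywords inside it are compared as plain characters.
$stmt = $pdo->prepare('SELECT id, username FROM users WHERE username = :name');
$stmt->execute([':name' => $input]);
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
```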