Jump to content

PHP MySQL Prepared Statements


Recommended Posts


https://www.w3schools.com/php/php_mysql_prepared_statements.asp says


Prepared statements are very useful against SQL injections.

That's true, but it might worth mentioning, that setting a charset (e.g. $conn->set_charset("utf8")) is important, since it can make prepared statements vulnerable to injections. 

For an example injection and explanation take a look here: https://stackoverflow.com/a/12202218/1988569

Stay safe,

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Create New...