<?php
// Demonstration: a bound parameter versus mysqli_real_escape_string() for the
// same hostile value placed in a numeric (unquoted) position of a query.
// $pdo and $mysqli are not created in this snippet; presumably the sandbox
// supplies both connections. TODO confirm they point at the same database.

// Fixture: one table holding one row.
$pdo->query("create table users (id int, name varchar(100))");
$pdo->query("insert into users (id,name) values (1,'Bobby Tables')");

// Untrusted value. It contains no quote, backslash or NUL character, i.e.
// nothing that string escaping is designed to neutralise.
$id = "id;drop table users";

// Case 1: the value travels as a bound parameter, so it is never parsed as
// SQL text. The follow-up read shows whether the row is still there.
echo "Prepares are safe:\n";
$stmt = $pdo->prepare("select name from users where id=?");
$stmt->execute([$id]);
$survivor = $pdo->query("select name from users")->fetchColumn();
echo $survivor, "\n\n";

// Case 2: the value is escaped and then interpolated WITHOUT surrounding
// quotes. Escaping only protects data that ends up inside a quoted string
// literal; here the text after "id=" is parsed as SQL, so the ";" and the
// statement following it reach the server unchanged.
// NOTE(review): whether the trailing statement actually executes depends on
// the driver accepting several statements per call (for PDO MySQL see
// PDO::MYSQL_ATTR_MULTI_STATEMENTS) - confirm for the target environment.
// Defensive takeaway: bind every value; for numeric input, validate or cast
// to int before it gets anywhere near the query text.
echo "And here goes escaping:\n";
$id = mysqli_real_escape_string($mysqli, $id);
$stmt = $pdo->query("select name from users where id=$id");
// If the table was dropped above, this read is expected to fail (exception or
// false result, depending on the PDO error mode).
$survivor = $pdo->query("select name from users")->fetchColumn();
echo $survivor, "\n";