Prevent SQL Injection in PHP?


Recently I got an idea. If a user inputs an exact SQL query, then it can be SQL injection. To make it clear, I am giving an example:

$known_var = $_POST['user_input']; 
mysql_query("INSERT INTO `table` (`column`) VALUES ('$known_var')");

But if the user wants to input something like this:

INSERT INTO `table` (`column`) VALUES('values'); DROP TABLE table;--')

It is obviously very insecure for an SQL-based database.
What can actually be done to prevent this query injection?


Steve-baker 1 year 0 Answers 193 views Novice 0
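
The usual mitigation for the pattern in the question is a parameterized (prepared) statement, shown here as an added example that is not part of the original post. It assumes PDO with the pdo_sqlite driver so it runs offline; the table name `demo`, the column `col` and the helper `insert_value` are hypothetical, and `$user_input` is a constructed stand-in for `$_POST['user_input']`.

```php
<?php
// Added example. Assumption: PDO with pdo_sqlite is available; for MySQL
// only the DSN passed to the PDO constructor changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE demo (col TEXT)');

// Constructed stand-in for $_POST['user_input'], based on the question's input.
$user_input = "values'); DROP TABLE demo;--";

// Before: the pattern from the question. The value becomes part of the SQL
// text, so its quote ends the string literal early. Built here only to show
// the resulting text; it is never executed.
$unsafe_sql = "INSERT INTO demo (col) VALUES ('$user_input')";
echo "Concatenated SQL text: $unsafe_sql\n";

// After: the SQL text is fixed at prepare time and the value is bound
// separately, so the database treats it as data and never parses it as SQL.
function insert_value(PDO $pdo, string $value): void
{
    $stmt = $pdo->prepare('INSERT INTO demo (col) VALUES (:value)');
    $stmt->execute([':value' => $value]);
}

insert_value($pdo, $user_input);
insert_value($pdo, "O'Reilly"); // ordinary input containing a quote also works

// The table still exists and both strings were stored exactly as submitted.
$rows = $pdo->query('SELECT col FROM demo ORDER BY rowid')
            ->fetchAll(PDO::FETCH_COLUMN);
foreach ($rows as $row) {
    echo "Stored value: $row\n";
}
var_dump($rows === [$user_input, "O'Reilly"]);
```

Binding covers values only; table and column names cannot be bound and have to come from a fixed allow-list in the code.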
