Use parameterized queries
There are basically two main methods to prevent SQL injection attacks.
Make a function like this:
<?php
// Escapes single and double quotes with a backslash before the value is
// placed into an SQL string (only these two characters are touched).
function BlockSQLInjection($str)
{
    return str_replace(array("'", '"'), array("\\'", '\\"'), $str);
}
?>
The str_replace() function will replace all those characters in the string.
Another method is to use prepared statements to execute SQL queries.
You can also prevent PHP SQL injection attacks by removing unused stored procedures.
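The prepared-statement method from the answer above, as an added example that is not part of the original post. It uses PDO against an in-memory SQLite database so it runs offline; the users table, its rows, the attacker payloads and the function names are all constructed for the example. A quote-escaping helper of the same shape as the answer's function is kept beside the prepared version to show the case escaping cannot cover: a value in a numeric position, where the payload contains no quotes at all.

```php
<?php
// Added example, not from the original answer: the prepared-statement method
// shown against an in-memory SQLite database. The users table and its rows are
// constructed sample data; the function names are assumptions.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL, role TEXT NOT NULL)');
$pdo->exec("INSERT INTO users (id, username, role) VALUES (1, 'alice', 'admin'), (2, 'bob', 'user')");

// Quote escaping alone (the first method in the answer), kept here to show its limit.
function escapeQuotes(string $str): string
{
    return str_replace(array("'", '"'), array("\\'", '\\"'), $str);
}

// Vulnerable: the input is pasted into the SQL text. In a numeric position the
// payload needs no quotes, so escapeQuotes() leaves it untouched.
function findByIdConcat(PDO $pdo, string $id): array
{
    $sql = 'SELECT id, username, role FROM users WHERE id = ' . escapeQuotes($id);
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Safe: the SQL text is fixed and the value travels separately as a bound
// parameter, so the database never parses it as SQL. Input that is not an
// integer is rejected before it reaches the query at all.
function findByIdPrepared(PDO $pdo, string $id): array
{
    $int = filter_var($id, FILTER_VALIDATE_INT);
    if ($int === false) {
        return [];
    }
    $stmt = $pdo->prepare('SELECT id, username, role FROM users WHERE id = :id');
    $stmt->bindValue(':id', $int, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// The same technique in a string position: a payload such as ' OR '1'='1 is
// compared as a literal username, not interpreted as SQL.
function findByNamePrepared(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT id, username, role FROM users WHERE username = ?');
    $stmt->execute([$name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$idPayload   = '1 OR 1=1';     // constructed attacker input: no quotes to escape
$namePayload = "' OR '1'='1";  // constructed attacker input for the string case

printf("concatenated id lookup: %d rows\n", count(findByIdConcat($pdo, $idPayload)));
printf("prepared id lookup:     %d rows\n", count(findByIdPrepared($pdo, $idPayload)));
printf("prepared name lookup:   %d rows\n", count(findByNamePrepared($pdo, $namePayload)));
printf("prepared name lookup:   %d rows\n", count(findByNamePrepared($pdo, 'alice')));
```

Run it with the pdo_sqlite extension enabled: the concatenated lookup returns every row of the table because `1 OR 1=1` passed straight through the quote-escaping helper, while both prepared lookups return no rows for the attacker payloads and the legitimate username still resolves. Binding with PDO::PARAM_INT after FILTER_VALIDATE_INT is what makes the numeric case safe; relying on escaping for numeric columns is not.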