From the course: PHP: Object-Oriented Programming with Databases
Sanitize values for database - PHP Tutorial
- [Instructor] Eagle-eyed observers may have noticed that we have a problem inside our project. That is, that we've not been sanitizing the data before we submit it to the database in our SQL statement. That's an important step. Let's say, for example, that I had an insert statement that looked something like this. I've got values for brand, model, and year that are Faker, Mike's Bike, and 2017. There's a problem with that second value, Mike's Bike. Notice that Mike's Bike is being delimited on either end by single quotes, but it also contains a single quote inside of it. SQL is going to think that the value that's being submitted is everything from the first single quote up until the single quote that's between the e and the s. Instead, we need to escape that value, so that SQL will know that it's not a meaningful character, that it's not a delimiter, that it's actually part of the text. We do that by putting a backslash in front of it. That escapes the single quote, and renders it…
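The quoting problem the instructor describes, shown as an added example that is not the course's own code: the naive interpolated statement, the escaped version using the MySQL driver's own escaping function, and the prepared-statement form that avoids the escaping step altogether. The table name `bicycles`, its columns, and the connection details are assumptions for illustration.

```php
<?php
// Added example (not from the course). Assumes a MySQL database with a `bicycles`
// table holding brand, model and year columns; these names are assumptions.

// 1. The problem from the transcript: interpolating the raw value into the SQL text.
function naiveInsertSql(string $brand, string $model, int $year): string {
    return "INSERT INTO bicycles (brand, model, year) VALUES ('$brand', '$model', $year)";
}
// naiveInsertSql('Faker', "Mike's Bike", 2017) produces
//   INSERT INTO bicycles (brand, model, year) VALUES ('Faker', 'Mike's Bike', 2017)
// The quote between the e and the s ends the literal early, so the statement is malformed.

// 2. Escaping, as the transcript describes (backslash before the quote), but done by the
//    driver: mysqli::real_escape_string knows the connection's character set, so it is
//    safer than a hand-written replace.
function escapedInsertSql(mysqli $db, string $brand, string $model, int $year): string {
    $brand = $db->real_escape_string($brand);
    $model = $db->real_escape_string($model);   // "Mike's Bike" becomes "Mike\'s Bike"
    return "INSERT INTO bicycles (brand, model, year) VALUES ('$brand', '$model', $year)";
}

// 3. Preferred: a prepared statement sends the values separately from the SQL text, so
//    there is no escaping step to forget and a stray quote can never change the statement.
function preparedInsert(mysqli $db, string $brand, string $model, int $year): int {
    $stmt = $db->prepare("INSERT INTO bicycles (brand, model, year) VALUES (?, ?, ?)");
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $db->error);
    }
    $stmt->bind_param('ssi', $brand, $model, $year);   // s = string, i = integer
    $stmt->execute();
    return $stmt->affected_rows;   // 1 when the row was inserted
}

// Usage with assumed connection details:
// $db = new mysqli('localhost', 'user', 'password', 'chain_gang');
// $db->set_charset('utf8mb4');   // set the charset before any escaping
// echo escapedInsertSql($db, 'Faker', "Mike's Bike", 2017), PHP_EOL;
// preparedInsert($db, 'Faker', "Mike's Bike", 2017);
```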