Ram Ada
360 Points
Explanation on how to sanitize user inputs in PHP to protect against SQL injections?
Can someone explain to me the process for sanitizing a user input? I've found code online for sanitizing inputs, but if someone could explain how each part works, that would be appreciated. I'm trying to develop a website for many people and want to understand how to secure the PHP form processing against SQL injections. If not, do you know any websites with a good explanation? Thank you.
3 Answers
James Barnett
39,199 Points
A quick Google search returns this tutorial, "Getting Clean with PHP" by Nettuts, about data sanitation using PHP.
Casey Ydenberg
15,622 Points
It's a really good idea to make sure you're using the mysqli interface: http://devzone.zend.com/239/ext-mysqli-part-i_overview-and-prepared-statements/. Using prepared statements is by far the cleanest way to avoid SQL injection.
Randy Hoyt
Treehouse Guest Teacher
Yes, prepared statements are the way to go. I'll be covering how to work with them using PDO in future tutorials.
Randy Hoyt
Treehouse Guest Teacher
That post from James Barnett is a good one. I'm currently working on a set of tutorials for working with PHP and MySQL together using the PHP Data Objects (PDO) in PHP 5.
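To make the prepared-statement advice from Casey's and Randy's answers concrete, here is an added example (not code from the thread or from Treehouse) showing the unsafe string-concatenation pattern next to parameterized versions for both mysqli and PDO. The `users` table, the connection values and the function names are assumptions for this illustration.

```php
<?php
// Added example, not from the original thread. The `users` table, the
// connection values and the function names are assumptions.

// UNSAFE: the input is spliced into the SQL text, so the input can change the
// structure of the query. Shown only to contrast with the versions below.
function findUserUnsafe(mysqli $db, string $email): ?array
{
    $sql = "SELECT id, email FROM users WHERE email = '" . $email . "'";
    $result = $db->query($sql);
    return $result ? ($result->fetch_assoc() ?: null) : null;
}

// SAFE (mysqli): the query text with a `?` placeholder is sent to the server
// first; the value is bound afterwards and is always treated as data, never
// as SQL. No escaping of the input is needed.
function findUserMysqli(mysqli $db, string $email): ?array
{
    $stmt = $db->prepare('SELECT id, email FROM users WHERE email = ?');
    $stmt->bind_param('s', $email);                 // 's' = bind as a string
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();      // get_result() needs mysqlnd
    $stmt->close();
    return $row ?: null;
}

// SAFE (PDO): the same idea with a named placeholder. Emulated prepares are
// turned off in the connection below so the MySQL server itself receives the
// query text and the parameter separately.
function findUserPdo(PDO $db, string $email): ?array
{
    $stmt = $db->prepare('SELECT id, email FROM users WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

// Usage; host, user, password and database name are placeholders.
$mysqli = new mysqli('localhost', 'app_user', 'secret', 'app_db');
$pdo = new PDO(
    'mysql:host=localhost;dbname=app_db;charset=utf8mb4',
    'app_user',
    'secret',
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false]
);
$input = $_POST['email'] ?? '';                     // raw form input, left unescaped on purpose
var_dump(findUserMysqli($mysqli, $input));
var_dump(findUserPdo($pdo, $input));
```

Whatever the form submits, the two parameterized functions only ever compare it against the `email` column as a value; only `findUserUnsafe` lets the input alter the query itself.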