
If you are using prepared statements in PHP for all your queries, then do you still need to sanitize user inputs?
Is any other data sanitization required to prevent SQL injection or any other kind of security threat from user inputs?
Let's say the code is like this:
$query = "INSERT INTO user (name, email, desg, inst, country, address) VALUES (?,?,?,?,?,?)";
$stmt = $con->stmt_init();
$stmt->prepare($query);
$stmt->bind_param('ssssss', $name, $email, $desg, $inst, $country, $address);
$stmt->execute();
Last edited by aditya2012; Today at 02:40 PM.
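As an added example (not the poster's code) of what bound parameters do and do not cover: values passed through bind_param travel separately from the SQL text, so they cannot alter the statement, but input validation, identifiers such as an ORDER BY column, and HTML escaping on output are separate concerns. It assumes an existing mysqli connection $con and the poster's user table; the function names are hypothetical.

```php
<?php
declare(strict_types=1);

// Make mysqli throw exceptions instead of silently returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function insertUser(mysqli $con, array $u): int
{
    // Validation is about data quality, not injection: a bound value
    // cannot escape its placeholder, but a malformed e-mail address
    // would still be stored unless it is checked here.
    if (filter_var($u['email'], FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid e-mail address');
    }

    // Same statement as the poster's: the six values are bound, never
    // concatenated, so quotes or comment markers in them are just data.
    $stmt = $con->prepare(
        'INSERT INTO user (name, email, desg, inst, country, address)
         VALUES (?,?,?,?,?,?)'
    );
    $stmt->bind_param('ssssss', $u['name'], $u['email'], $u['desg'],
                      $u['inst'], $u['country'], $u['address']);
    $stmt->execute();
    return (int) $stmt->insert_id;
}

function listUsers(mysqli $con, string $sortBy): array
{
    // A column name cannot be a bound parameter. Map the request to a
    // fixed allow-list instead of putting user input into the SQL text.
    $allowed = ['name' => 'name', 'country' => 'country'];
    $column  = $allowed[$sortBy] ?? 'name';

    $stmt = $con->prepare("SELECT name, email FROM user ORDER BY $column");
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

function renderName(string $name): string
{
    // Stored data is still untrusted when rendered: escape at the HTML
    // output boundary rather than mangling the value before the INSERT.
    return htmlspecialchars($name, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}
```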