Tag: prepared statements

Prevent SQL injection attacks with prepared statements

Bit of a hot topic lately in my inbox. Here’s what an old, vulnerable query might look like:

    $expected_data = 1;
    $query = "SELECT * FROM users where id=$expected_data";
    $result = $mysqli->query($query);

The problem here is we’re injecting user-submitted data directly into our SQL statement without any sort of escaping or validation. So, a hacker could enter something like this in our form:

    1; DROP TABLE users;

Changing our full query to:

    SELECT * FROM users where id=1; DROP TABLE users;

Which, as you can probably see, will execute the SELECT statement but then drop our users table. No bueno.

Read More »

A Simple PHP Class For Prepared Statements in MySQLi

Prepared statements are all the rage right now in PHP development… and for good reason. Not only do prepared statements make your queries more secure… they also help future-proof your code by relying more heavily on PHP itself for that security. If you’re not using prepared statements in your queries, you really should be. Here’s a simple class that helps you do just that using MySQLi: I recommend walking through this code and unraveling how it all comes together. There are a few gotchas when using prepared statements in a dynamic way like this. Or you could just check out

Read More »

Should I Use mysqli_real_escape_string With Prepared Statements in PHP?

Graham recently asked me: Do I still need to use mysqli_real_escape_string when using prepared statements in PHP? The simple answer is no. The way it used to work is that you would take form input data, put that into a variable, and inject that data into your MySQL query in order to add that data to the database. Now, a big problem with that is SQL Injection attacks, where a hacker could inject SQL code into your query and perform actions on your database… which is something you definitely don’t want. So, the standard solution became using mysql_real_escape_string to sanitize

Read More »
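The three posts above all circle the same point: interpolating form input into the SQL text is the bug, and binding it as a parameter is the fix, with no escaping call required. Here is an added example (written for this page, not code from any of the posts or from the author's MySQLi class) that puts the vulnerable lookup beside a prepared-statement version. It assumes an already-connected `$mysqli` object and a `users` table with an integer `id` column; the input value is constructed to mirror the one in the first post.

```php
<?php
// Added example, not from the original posts.
// Assumes: $mysqli is a connected mysqli instance and `users` has an integer `id` column.

// Make MySQLi throw exceptions instead of silently returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Constructed sample input: what a hostile form field might carry.
$user_input = "1; DROP TABLE users;";

// VULNERABLE (the pattern from the first post): the input is pasted into the
// SQL text, so whatever it contains is parsed by the server as SQL.
function find_user_vulnerable(mysqli $mysqli, string $input): ?array
{
    $query  = "SELECT * FROM users WHERE id=$input";
    $result = $mysqli->query($query);   // attacker-controlled SQL reaches the parser
    return $result->fetch_assoc() ?: null;
}

// SAFE: the statement is sent with a ? placeholder and the value is bound
// separately, so the server only ever sees the value as data.
// No mysqli_real_escape_string() call is needed for bound parameters.
function find_user_prepared(mysqli $mysqli, string $input): ?array
{
    // Type validation is a separate concern from injection: the placeholder
    // handles injection, this rejects junk ids before they reach the database.
    $id = filter_var($input, FILTER_VALIDATE_INT);
    if ($id === false) {
        return null;                    // "1; DROP TABLE users;" is rejected here
    }

    $stmt = $mysqli->prepare("SELECT * FROM users WHERE id = ?");
    $stmt->bind_param("i", $id);        // "i": bind as integer
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();   // get_result() needs mysqlnd
    $stmt->close();
    return $row ?: null;
}

// Usage (assumes $mysqli = new mysqli(...) already connected):
// var_dump(find_user_prepared($mysqli, $user_input)); // NULL: not a valid id
// var_dump(find_user_prepared($mysqli, "1"));         // the row for id 1, or NULL if absent
```

One caveat worth knowing: `mysqli::query()` executes a single statement, so a stacked `; DROP TABLE users;` fails at the driver unless `multi_query()` is used, but the lesson is unchanged. Any input folded into the SQL text can alter what the statement means, and the prepared version is correct regardless of which driver call sits underneath it.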

The simple secrets to high-paying freelance clients

What makes clients willing to pay $5,000, $10,000 even $20,000 and up for your services? Download and install my mobile app and I’ll show you. It’s free. Just click the button below:

Clients like: Inc. Magazine, Lewis Howes, Ray Edwards

WHAT OTHERS ARE SAYING

Oliver Wainwright

I’m a fan. I have completed several of John’s courses. I find him very knowledgeable and he has a great delivery.

Aaron Gott

John has a particular knack for the development and training of others.

Bob Patterson

Not only is John a very talented programmer and developer, he is also an excellent communicator. He has a talent for taking complex subjects and communicating them in terms that anyone can understand. This is a rare combination. This ability has enabled me to take my skills and knowledge to the next level. Thank you John for all that you do.

Chris Aitken

He significantly improved my site through his expert knowledge of PHP, CSS and Javascript. Would definitely recommend John to others.

Lori Grant

John did an outstanding job on my project. I highly recommend him and look forward to working with him on future projects.

Xan Barksdale

Very professional worker who is extremely knowledgeable in WordPress and Wishlist Member. I would definitely hire again.

Jim DeJonge

John has a relaxed and engaging manner. His advice is solid and the explanations are well thought out.

Bradley Smith

John and I have worked together on numerous projects. John is very quick and efficient and was a pleasure to work with.

Michael Skye

John is a man of integrity, who gives generously of himself to projects and people he cares about.

Andrew Malone

John Morris is exceptional in his ability to give focused insight into Freelancing and starting one’s business. His direct methods inspire confidence in his honesty.

Lewis Howes

John is amazing at building membership sites. He converted one of my sites over from its existing (hardly working) platform to the clean and simple to use WishList membership platform. I highly recommend using John and WishList for any of your membership site needs.

Jason Rumley

John has a habit of over-delivering on the expectations he sets up. That’s why he’s the best.

Steve Dimmick

John has provided expert knowledge and advice on multiple occasions that have helped me better serve my clients. John is a Rockstar!