If user input is inserted without modification into an SQL query, then the application becomes vulnerable to [SQL injection](https://stackoverflow.com/a/332367/), like in the following example:
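```php
$unsafe_variable = $_POST['user_input'];

// Deliberately vulnerable: the input is interpolated straight into the SQL text.
mysql_query("INSERT INTO `table` (`column`) VALUES ('$unsafe_variable')");
```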
That's because the user can input something like `value'); DROP TABLE table;--`, and the query becomes:

```sql
INSERT INTO `table` (`column`) VALUES('value'); DROP TABLE table;--')
```
What can be done to prevent this from happening?