PHP | programming | ~5 mins

Preventing injection with prepared statements in PHP - Cheat Sheet & Quick Revision

Recall & Review
beginner
What is SQL injection?
SQL injection is a security risk where attackers insert harmful SQL code into input fields to manipulate or access the database in unauthorized ways.
beginner
What are prepared statements in PHP?
Prepared statements are a way to safely run SQL queries by separating the SQL code from the data, which helps prevent SQL injection.
intermediate
How do prepared statements prevent SQL injection?
They treat user input as data only, never as part of the SQL command, so harmful code can't change the query's meaning.
beginner
Show a simple PHP example using prepared statements to insert a username safely.
// Connect with PDO ($dsn, $user and $pass hold the connection details)
$pdo = new PDO($dsn, $user, $pass);
// Prepare the query with a named placeholder instead of concatenating input
$stmt = $pdo->prepare('INSERT INTO users (username) VALUES (:username)');
// Bind the user-supplied value at execution time; it is sent as data, never as SQL
$stmt->execute(['username' => $inputUsername]);
beginner
Why is it unsafe to directly insert user input into SQL queries?
Because attackers can add SQL code in the input that changes the query, leading to data leaks, data loss, or unauthorized access.
What does a prepared statement do in PHP?
A. Separates SQL code from data to prevent injection
B. Automatically encrypts the database
C. Deletes user input before running SQL
D. Runs SQL queries faster by caching
Which PHP function is used to prepare a SQL statement?
A. prepare()
B. execute()
C. query()
D. fetch()
Why should you avoid inserting user input directly into SQL strings?
A. It uses more memory
B. It makes the code run slower
C. It can cause SQL injection attacks
D. It is harder to read
What does the execute() method do in prepared statements?
A. Closes the database connection
B. Runs the prepared SQL query with given data
C. Prepares the SQL query
D. Fetches results from the database
Which of these is a benefit of using prepared statements?
A. Encrypts user passwords
B. Automatically backs up the database
C. Makes the website load faster
D. Prevents SQL injection
Explain how prepared statements help prevent SQL injection in PHP.
Think about how the database sees the input versus the command.
Describe the steps to safely insert user input into a database using prepared statements in PHP.
Remember the order: connect, prepare, execute.