
Preventing injection with prepared statements in PHP - Interactive Code Practice

Practice - 5 Tasks
Answer the questions below
1. Fill in the blank (easy)

Complete the code to prepare a SQL statement.

PHP
$stmt = $conn->[1]("SELECT * FROM users WHERE id = ?");
A. prepare
B. execute
C. query
D. fetch
Common Mistakes
Using query() instead of prepare() provides no protection against injection.
Calling execute() before prepare() is incorrect.
2. Fill in the blank (medium)

Complete the code to bind a parameter to the prepared statement.

PHP
$stmt->[1]("i", $userId);
A. prepare
B. execute
C. fetch
D. bind_param
Common Mistakes
Using execute() instead of bind_param() skips binding variables.
Calling fetch() before execute() is incorrect.
3. Fill in the blank (hard)

Fix the error in executing the prepared statement.

PHP
$stmt->[1]();
A. bind_param
B. execute
C. prepare
D. query
Common Mistakes
Calling prepare() again instead of execute() causes errors.
Using query() on a prepared statement is invalid.
4. Fill in the blanks (hard)

Fill both blanks to fetch the result from the executed statement.

PHP
$stmt->[1]();
$stmt->[2]($name);
A. store_result
B. fetch
C. bind_result
D. execute
Common Mistakes
Calling fetch() before execute() causes errors.
Not binding results makes it impossible to read data.
5. Fill in the blanks (hard)

Fill all three blanks to safely query and fetch a user's name by id.

PHP
$stmt = $conn->[1]("SELECT name FROM users WHERE id = ?");
$stmt->[2]("i", $id);
$stmt->[3]();
A. prepare
B. bind_param
C. execute
D. query
Common Mistakes
Using query() instead of prepare() skips the protection that prepared statements provide.
Forgetting to bind parameters leads to injection risks.
Calling execute() before binding parameters causes errors.