PDO sanitize?
Posted: 11. May 2018 15:26
Okay, I have just started learning PDO and was curious if the below code is safe and secure? I'm used to doing the mysqli_real_escape_string, so all new to me. From what I've read online, I think it's secure, but never hurts to ask. Also, if this isn't the place, please let me know and I'll search another forum. Thank you and sorry if it's out of line.
Thank you much!
Code:
<?php
if (isset($_POST['register']))
{
    // $con (the PDO connection) is expected to come from this file
    include_once('dbconnection.php');

    // get the value from the form input
    $fname = $_POST['uname'];

    // mysql query to insert data; :fname is a bound placeholder, not concatenated text
    $sql = "INSERT INTO `tbl_users`(`username`) VALUES (:fname)";
    $result = $con->prepare($sql);
    $query = $result->execute(array(":fname" => $fname));

    // check if mysql insert query successful
    if ($query)
    {
        echo 'Data Inserted';
    } else {
        echo 'Data Not Inserted';
    }
}
?>
Thank you much!
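The following is an added example, not part of the original post: it runs the same bound-parameter INSERT against an in-memory SQLite database so it works without the poster's dbconnection.php, and shows that quote-bearing input is stored as plain data. The function name registerUser, the length limit, the SQLite DSN and the sample inputs are assumptions made for the illustration.

```php
<?php
// Added example; assumes the pdo_sqlite extension is available.
$con = new PDO('sqlite::memory:');
// Throw on SQL errors instead of returning false silently.
$con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With the MySQL driver, PDO::ATTR_EMULATE_PREPARES can also be set to false
// so that the server, not the client library, binds the values.

$con->exec('CREATE TABLE tbl_users (id INTEGER PRIMARY KEY, username TEXT NOT NULL)');

// Hypothetical helper wrapping the INSERT from the post.
function registerUser(PDO $con, string $uname): bool
{
    // Validation is separate from SQL safety (limits here are assumptions).
    $uname = trim($uname);
    if ($uname === '' || strlen($uname) > 64) {
        return false;
    }
    // The SQL text is fixed; the value travels separately as :fname.
    $stmt = $con->prepare('INSERT INTO tbl_users (username) VALUES (:fname)');
    return $stmt->execute([':fname' => $uname]);
}

// Constructed sample inputs, including ones that break naive concatenation.
$samples = [
    'alice',
    "O'Brien",
    "x'); DROP TABLE tbl_users; --",
    '<b>bold</b>',
    '   ',
];

foreach ($samples as $s) {
    echo registerUser($con, $s) ? "stored\n" : "rejected\n";
}

// The table still exists and each accepted value was stored verbatim.
$rows = $con->query('SELECT username FROM tbl_users ORDER BY id')
            ->fetchAll(PDO::FETCH_COLUMN);

foreach ($rows as $name) {
    // Binding protects the query only; escape again when writing HTML.
    echo htmlspecialchars($name, ENT_QUOTES, 'UTF-8'), PHP_EOL;
}
```

Binding covers values only; table and column names cannot be bound and have to come from a fixed list in the code.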