I want to make my code as safe as possible from any type of

Question

0

Asked: June 13, 20262026-06-13T13:09:33+00:00 2026-06-13T13:09:33+00:00

I want to make my code as safe as possible from any type of

0

I want to make my code as safe as possible from any type of attack I was hoping for some insight on the simple code I am using below. Any pointers on how to make it safer if it is vulnerable and why would be awesome. I have read that using prepared statements is the best practice to safeguard against attacks.

<?php 

    try {
    $conn = new PDO('mysql:host=localhost;dbname=test', 'user', 'XXXXX');
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $stmt = $conn->prepare('INSERT INTO people (name, email) VALUES (:name, :email)');

    $stmt->execute(array(':name' => $_POST['name'], ':email' => $_POST['email']));

    #If one or more rows were returned...

    } catch(PDOException $e){
        echo'ERROR: ' . $e->getMessage();
    }
    echo "Added $_POST[name] with email $_POST[email] succsessfully";
    $conn = null;
    ?>

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-13T13:09:35+00:00

Editorial Team

2026-06-13T13:09:35+00:00Added an answer on June 13, 2026 at 1:09 pm

It looks like you’re safe from SQL injection, but you now have issues with XSS in your echo. Make sure you always sanitize / escape user input before its echo’d.

echo "Added $_POST[name] with email $_POST[email] succsessfully";

should become

echo "Added" . htmlspecialchars($_POST['name']) . "with email" . htmlspecialchars($_POST['email']) . "succsessfully";

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I want to make my code as safe as possible from any type of

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply