The following are three different ways to prevent SQL injection.
1. Using PHP built-in functions.
    $name = mysql_real_escape_string($_POST["name"]);
    // Escaping only protects inside a quoted literal, so quote the value.
    mysql_query("INSERT INTO users VALUES('$name')");
2. Use MySQLi instead of MySQL. MySQLi is far better than MySQL because it is the object-oriented MySQL extension.
    $stmt = $dbConnection->prepare('INSERT INTO users VALUES(?)');
    $name = $_POST["name"];
    $stmt->bind_param('s', $name);
    $stmt->execute();
3. Using PDO
    $stmt = $conn->prepare("INSERT INTO users VALUES(:name)");
    $stmt->bindValue(':name', $_POST["name"]);
    $stmt->execute();
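
The difference between building the statement from input and binding the input, as an added example that is not part of the original page. It runs the page's INSERT through PDO against an in-memory SQLite table; the SQLite connection, the helper functions freshTable and names, and the sample input are assumptions made for illustration.

```php
<?php
// Added example: a constructed input and an in-memory SQLite table stand in
// for $_POST["name"] and the page's users table.
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Hypothetical helper: start each case from an empty users table.
function freshTable(PDO $conn): void
{
    $conn->exec('DROP TABLE IF EXISTS users');
    $conn->exec('CREATE TABLE users (name TEXT)');
}

// Hypothetical helper: return every stored name in insertion order.
function names(PDO $conn): array
{
    return $conn->query('SELECT name FROM users ORDER BY rowid')
                ->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed input: the quote ends the string literal, so everything after
// it is parsed as SQL syntax when the value is pasted into the statement.
$name = "alice'), ('row-the-user-should-not-control";

// Before: the input is concatenated into the statement text.
freshTable($conn);
$conn->exec("INSERT INTO users VALUES('$name')");
$concatenated = names($conn);

// After: the statement text is fixed and the input travels as a bound value,
// so it can only ever be stored as data.
freshTable($conn);
$stmt = $conn->prepare('INSERT INTO users VALUES(:name)');
$stmt->bindValue(':name', $name, PDO::PARAM_STR);
$stmt->execute();
$bound = names($conn);

printf("concatenated insert stored %d row(s)\n", count($concatenated));
printf("bound insert stored %d row(s)\n", count($bound));
printf("bound value stored unchanged: %s\n", var_export($bound[0] === $name, true));
```

With the MySQL driver, also set PDO::ATTR_EMULATE_PREPARES to false so the statement is prepared by the server rather than emulated in the client library.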