mostafalaravel
7 months ago

Does mysqli prepare prevent SQL injection?

Hello,

I want to know if the mysqli prepare() could prevent SQL injection?

$UserInfoQuery = "select Id,Type,IsActive,FirstName,LastName,Title,LanguageCode,Email,Type,TypeExtra,IsAdministrator,IsSuperAdministrator from Users where (Id = ? or Email = ?) and IsDeleted = '0'";
$UserInfoResults = $DbConn->prepare($UserInfoQuery);
$UserInfoResults->execute(array($Parameters[1],$Parameters[1]));

thanks
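
An added example, not part of the original post: the same query shape run once with `?` placeholders and once with the input concatenated into the SQL string before prepare(), so the two row counts can be compared. It uses PDO with an in-memory SQLite database as a stand-in so it runs without a MySQL server; the reduced Users table, its rows, the function names and the input strings are constructed for illustration.

```php
<?php
// Constructed sample data: two active users and one soft-deleted user.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("create table Users (Id integer primary key, Email text, FirstName text, IsDeleted text)");
$db->exec("insert into Users (Id, Email, FirstName, IsDeleted) values
    (1, 'alice@example.test', 'Alice', '0'),
    (2, 'bob@example.test',   'Bob',   '0'),
    (3, 'carol@example.test', 'Carol', '1')");

// Placeholder form: the SQL text is fixed at prepare() time and the
// value is sent separately, so it is only ever compared as data.
function findUserBound(PDO $db, string $idOrEmail): array
{
    $stmt = $db->prepare(
        "select Id, Email, FirstName from Users
         where (Id = ? or Email = ?) and IsDeleted = '0'"
    );
    $stmt->execute(array($idOrEmail, $idOrEmail));
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Concatenated form: prepare() is still called, but the input is already
// part of the SQL text, so quotes inside it change the WHERE clause.
function findUserConcatenated(PDO $db, string $idOrEmail): array
{
    $sql = "select Id, Email, FirstName from Users
            where (Id = '$idOrEmail' or Email = '$idOrEmail') and IsDeleted = '0'";
    $stmt = $db->prepare($sql);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: one ordinary lookup, one value containing quotes.
$ordinary = 'alice@example.test';
$crafted  = "x' or '1'='1";

printf("bound, ordinary input:       %d row(s)\n", count(findUserBound($db, $ordinary)));
printf("bound, crafted input:        %d row(s)\n", count(findUserBound($db, $crafted)));
printf("concatenated, crafted input: %d row(s)\n", count(findUserConcatenated($db, $crafted)));
```

The protection comes from the placeholders, not from the prepare() call itself; only values can be bound this way, so table or column names built from input need an allow-list instead.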
