I dont want to be hacked into oblivion
From what I understand, passing raw user input into SQL queries makes me vulnerable, for example:
$scary_stuff = $_POST['user_input'];
mysql_query("INSERT INTO `table` (`column`) VALUES ('$scary_stuff')");
That's because the user can input something like value'); DROP TABLE table;--
, and the query becomes:
INSERT INTO `table` (`column`) VALUES('value'); DROP TABLE table;--')
What can be done to prevent this from happening?
Drawing on the programming gods of steem: @miohtama @romanskv @jl777 @grz @qkyrie @kkaos