Prepared statements have pretty much solved this problem
Preparing and then binding parameters? Yes, and you can also use the addslashes method in PHP; it gives a backslash before characters, and this protects you from SQL injection ...
addslashes doesn't prevent SQL injection.
php.net/manual/en/function.addslas...
The addslashes() is sometimes incorrectly used to try to prevent SQL Injection. Instead, database-specific escaping functions and/or prepared statements should be used.
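An added example, not part of the original thread: the same lookup built by concatenation with `addslashes()` and then with a bound parameter, so the difference discussed above can be seen on one input. The table, the data, the function names and the `$input` value are constructed for illustration, and the script assumes the `pdo_sqlite` extension is available.

```php
<?php
// Constructed sample data in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users (name) VALUES ('alice'), ('bob'), ('carol')");

// Weak: addslashes() only escapes ', ", \ and NUL. An input with none of
// those characters comes back unchanged and is parsed as part of the SQL.
function findWithAddslashes(PDO $pdo, string $id): array
{
    $sql = 'SELECT name FROM users WHERE id = ' . addslashes($id);
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened: the statement text is fixed, and the value is bound as data,
// so it can never change the structure of the query.
function findWithBoundParam(PDO $pdo, string $id): array
{
    $stmt = $pdo->prepare('SELECT name FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: a well-formed id, and a value that contains no
// character addslashes() escapes but is not a single id.
foreach (['2', '1 OR 1=1'] as $input) {
    printf(
        "input %-10s addslashes: %d row(s), bound parameter: %d row(s)\n",
        var_export($input, true),
        count(findWithAddslashes($pdo, $input)),
        count(findWithBoundParam($pdo, $input))
    );
}
```

For the well-formed id both functions return the same single row. For the second input the concatenated query matches every row in the table, while the bound query matches none because the whole string is compared as one value.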