Keep the following points in mind when submitting form data with an INSERT query.
1) Use proper JavaScript validation before sending data to the server.
2) Always use the PDO class to connect to the database (note the DSN key is host, not hostname):
$dsn = 'mysql:host=' . $hostname . ';dbname=' . $dbname;
$pdo = new PDO($dsn, $dbusername, $dbpassword);
Wrap the connection in a try...catch statement so that you get a clear error message if it fails:
$dsn = "mysql:host=localhost;dbname=2024php";
try {
    $pdo = new PDO($dsn, 'root', '');
} catch (PDOException $e) {
    // Log the real message; echoing it to the browser would reveal host, database and user names.
    error_log($e->getMessage());
    echo 'Database connection failed.';
}
3) Hash the password (never store it in plain text) with the password_hash() function, and check it later with password_verify():
$hashed_password = password_hash($password, PASSWORD_DEFAULT);
if (password_verify($password, $hashed_password)) {
    // The submitted password matches the hash stored in the database:
    // log the user in.
}
4) Check on the server side whether any required value is empty, in case JavaScript is disabled in the browser:
if (!empty($_POST['username'])) {
    // Sanitize the value with a filter before using it
}
5) Sanitize variables with either filter_var() or filter_input(). Prefer filter_input(), so that the input is filtered before it is assigned to any variable:
$name = filter_input(INPUT_POST, 'yourname', FILTER_SANITIZE_SPECIAL_CHARS);
$emailid = filter_input(INPUT_POST, 'emailid', FILTER_SANITIZE_EMAIL);
6) Use the prepare() and bindValue() methods of the PDO class to insert or update any values, so that the data is never concatenated into the SQL string:
$query = 'INSERT INTO `posts` (`post_id`, `post_title`, `post_image`, `post_content`, `post_cat`, `post_tags`, `post_date`, `post_status`, `post_created_on`) VALUES (NULL, :posttitle, :postimage, :postcontent, :postcat, :posttag, :postdate, :poststatus, now())';
$stmt = $pdo->prepare($query);
$stmt->bindValue(":posttitle", $posttitle);
$stmt->bindValue(":postimage", $postimage);
$stmt->bindValue(":postcontent", $postcontent);
$stmt->bindValue(":postcat", $postcat);
$stmt->bindValue(":posttag", $posttag);
$stmt->bindValue(":postdate", $postdate);
$stmt->bindValue(":poststatus", $poststatus);
$result = $stmt->execute();
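Putting steps 4 to 6 together, here is an added example (not code from the original post) of a single insert handler that does the empty check, the sanitization and the bound insert in one function. It assumes an in-memory SQLite database so it runs offline, a reduced posts table, CURRENT_TIMESTAMP in place of MySQL's now(), and that post_cat is a numeric category id.

```php
<?php
// Added example: insert handler combining server-side empty checks,
// filter_var sanitization and a prepared statement with bound values.
// Assumptions: SQLite in-memory DB, reduced posts table, numeric post_cat.
declare(strict_types=1);

function connect(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    // Throw on SQL errors instead of failing silently.
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE posts (post_id INTEGER PRIMARY KEY, post_title TEXT,
                post_content TEXT, post_cat INTEGER, post_created_on TEXT)');
    return $pdo;
}

// Returns the new post_id, or null when a required field is missing or invalid.
function insertPost(PDO $pdo, array $input): ?int
{
    foreach (['posttitle', 'postcontent', 'postcat'] as $field) {
        if (empty($input[$field])) {          // step 4: works even with JS disabled
            return null;
        }
    }
    // step 5: sanitize/validate before the values are kept in any variable
    $title   = filter_var($input['posttitle'], FILTER_SANITIZE_SPECIAL_CHARS);
    $content = filter_var($input['postcontent'], FILTER_SANITIZE_SPECIAL_CHARS);
    $cat     = filter_var($input['postcat'], FILTER_VALIDATE_INT);
    if ($cat === false) {
        return null;                           // category must be an integer
    }
    // step 6: placeholders, never concatenation, so quotes in the data stay data
    $stmt = $pdo->prepare('INSERT INTO posts (post_title, post_content, post_cat, post_created_on)
                           VALUES (:posttitle, :postcontent, :postcat, CURRENT_TIMESTAMP)');
    $stmt->bindValue(':posttitle', $title);
    $stmt->bindValue(':postcontent', $content);
    $stmt->bindValue(':postcat', $cat, PDO::PARAM_INT);
    $stmt->execute();
    return (int) $pdo->lastInsertId();
}

$pdo = connect();
// Constructed form submission; the apostrophe is handled by binding, not by escaping.
$id  = insertPost($pdo, ['posttitle' => "O'Reilly's guide", 'postcontent' => 'Hello', 'postcat' => '3']);
$sel = $pdo->prepare('SELECT post_title, post_cat FROM posts WHERE post_id = :id');
$sel->execute([':id' => $id]);
var_dump($id, $sel->fetch(PDO::FETCH_ASSOC));
var_dump(insertPost($pdo, ['posttitle' => '', 'postcontent' => 'x', 'postcat' => '3'])); // rejected
```

The second call returns null because the title fails the empty check before any SQL is built.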
Thank you!