PHP PDO Tutorial Part 1 - Prepared Statements - SQL Injection - Full PHP 8 Tutorial

In this lesson, you will learn how to connect to the database from PHP using PHP Data Objects, or PDO for short. PDO provides a data-access abstraction layer, so the same methods can be used to interact with different databases such as MySQL, SQLite, and so on. You will learn about prepared statements, what SQL injection is and how it works, how to prevent SQL injection, the difference between binding params by value and by reference, the difference between placeholders and named parameters, emulated prepares, and so on.

LESSON 2.30

CHAPTERS
00:00 - Intro
01:12 - Install/enable PDO MySQL
02:45 - PDO connection
05:52 - Error modes
06:34 - Run queries & fetch data
07:36 - Fetch modes
09:14 - Prepared statements & SQL injection
10:12 - SQL injection example
13:43 - Placeholders, named parameters & the difference between them
18:03 - Bind parameters using bindValue & bindParam
22:18 - Emulated prepares
Comments

In my years of experience with web development, I finally see that someone shows a practical example of why not using prepared statements is a bad idea. Without too much talking, right to the point.
You might say "oh, but there are countless tutorials out there" - not a lot of them are understandable enough. Stop talking so much, show me a proof of concept and off we go. This is one of them - practical examples, no fuss. If developers were to stick to the point and show proofs of concept, they could rake in thousands for their tutorials.
This is underrated.

ward

This was extremely comprehensive and useful. A lot of tutorials just assume that stuff will work, but this actually goes into the stuff that could go wrong and why.

BradyRussell-sbng

This PHP course is the BEST around without any shadow of doubt!!!

rickybarabba

Great example of SQL injection and the use of PHP PDO overall. I did not know about ATTR_EMULATE_PREPARES, that's really good stuff

federicobau

So far, the best explanation and demonstration of the SQL injection mechanism.

mariomilunovic

The first video I've come across that really shows what query injection is and why it's dangerous

yinonelbaz

Enjoyed every video you have made in this series; the way you have explained it is rare in many tutorials.
Love you brother ❤️❤️❤️

sharifurrobin

Every time I re-watch this video, I am stunned by your dexterity, Gio. Thanks. Many points you made addressed issues that have long repeatedly hurt me. I appreciate

NedumEze

One of the best explanations of PHP PDO

ifetmartinovic

This was extremely informative and useful. I know how to parameterize queries in C# and Python, and was surprised at how different it is to do in PHP. This very clearly explains a lot and I love the injection example. This video allowed me to go from the unsecured stone age of regex-replace to something secure I can be happy with.

devtest

Awesome series, haven’t seen anyone like you. Keep it up :)

jessedeboer

I like how you explain SQL injection. Awesome. I hope you will have a series on web security in writing PHP, such as SQL injection, CSRF, XSS, etc.

rol

This channel helped me improve my skills drastically. Thanks!

zhozfem

Copied some prepared statements in my small procedural PHP application. Knew that it helped with something called SQL injection but I didn't understand it. Then, I didn't know about the named arguments. I had question marks (?) all over the place. I was having to count them to be sure I had enough when things didn't work. Wow.
This is a lot to take in. Even my computer knows that I'm learning many new things 😂. I want to watch again and again, but since I'm close to the end of section 2, I'm going to move on. I'll be back! (Terminator voice). Thanks Gio

Zubbee

Wow. That SQL injection explanation is awesome. Thank you

jeevachaithanyansivanandan

Thank you for this video, PDO explained vividly

tslife

GIO are you a teacher?
A wonderfully organized lesson with essential material!
Again, great explanation of PDO connection and setup via Docker :)
Recommended!

tedybg

Thanks man for the explanation.
Part 2 waiting 💪

abdihakimguliye

going into the source code of the PDO extension to see if the ":" colon was optional or not
was just 👌🏻☺ I like that

omaryahia

I found your channel yesterday and it seems great! Are your actual videos sufficient to get started with Laravel (if I watch all and code until the last one)?
Also amazing work!!

adrianstefan