This question already has an answer here:
- How can I prevent SQL injection in PHP? 28 answers
Below shows the php code that I am using to register users into the system. I want to make it secure using prepare statement. Please help me on how to put prepare method to make it secure.
if (!isset($_POST['submit'])) {
$user_name = $_POST['username'];
$user_password = crypt($_POST['password']);
$user_email = $_POST['email'];
if($user_name && $user_password && $user_email)
{
// register user
$query = mysql_query("INSERT INTO users (username, password, email, type)
VALUES ('$user_name', '$user_password', '$user_email', '0')");
mysql_query($query);
}
}
</div>