How can I prevent SQL-injection in PHP?

If user input is inserted without modification into an SQL query, then the application becomes vulnerable to SQL injection, like in the following example:

That’s because the user can input something like value'); DROP TABLE table;--, and the query becomes:

INSERT INTO table (column) VALUES('value'); DROP TABLE table;--')

What can be done to prevent this from happening?
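
One common answer to the question above is a parameterized query. The following is an added example, not code from the original post; it assumes PDO with an in-memory SQLite database and the hypothetical names items, name and insertItem, and it feeds in the input string quoted above.

```php
<?php
// Added example. The table "items", the column "name" and insertItem()
// are hypothetical names; the database is an in-memory SQLite instance.

function openDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    // Throw on SQL errors instead of failing silently.
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE items (name TEXT)');
    return $pdo;
}

// Vulnerable pattern from the text: the input becomes part of the SQL string.
// The string is only returned for inspection here, never executed.
function buildUnsafeSql(string $input): string
{
    return "INSERT INTO items (name) VALUES('$input')";
}

// Hardened form: the SQL text is fixed and the input travels separately
// as a bound parameter, so the database treats it as data only.
function insertItem(PDO $pdo, string $input): void
{
    $stmt = $pdo->prepare('INSERT INTO items (name) VALUES(:name)');
    $stmt->execute([':name' => $input]);
}

$pdo = openDb();

// Constructed input: the string quoted in the text above.
$input = "value'); DROP TABLE table;--";

// The quote in the input closes the string literal early, leaving two statements.
echo "Concatenated SQL: ", buildUnsafeSql($input), PHP_EOL;

insertItem($pdo, $input);

// The input was stored verbatim as a single row.
$rows = $pdo->query('SELECT name FROM items')->fetchAll(PDO::FETCH_COLUMN);
echo "Stored rows: ", count($rows), PHP_EOL;
echo "Stored verbatim: ", ($rows === [$input]) ? 'yes' : 'no', PHP_EOL;

// The table still exists after the insert.
$exists = (int) $pdo
    ->query("SELECT COUNT(*) FROM sqlite_master WHERE type = 'table' AND name = 'items'")
    ->fetchColumn();
echo "Table still present: ", $exists === 1 ? 'yes' : 'no', PHP_EOL;
```

Placeholders bind values only; table and column names cannot be passed as parameters and have to come from a fixed allow-list in the code.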