PHP Test

1. What is the best practice for running MySQL queries in PHP? Consider the risk of SQL injection. Answers: Use mysql_query() and variables: for example: $input = $_POST['user_input']; mysql_query("INSERT INTO table (column) VALUES ('" . $input . "')"); Use PDO prepared statements and parameterized queries: for example: $input= $_POST["user-input"] $stmt = $pdo->prepare('INSERT INTO table (column) [...]