How to Block SQL Injection Attacks in PHP

Cloudmersive
2 min read · May 13, 2024

Website inputs that feed directly into SQL queries are prime targets for SQL injection (SQLI) attacks.

If we don’t sanitize text inputs before executing queries against our SQL database, we might allow an attacker to steal sensitive data from our system with minimal effort.

Thankfully, using the ready-to-run PHP code examples provided below, we can call a free API that checks text input for SQL injection attacks. We can use the response from this service to block SQL injection attacks before they execute against our database.

To install the client SDK with Composer, we can use the following command:

composer require cloudmersive/cloudmersive_security_api_client

And to call the SQLI threat scanning function, we can copy the PHP code below:

<?php
require_once(__DIR__ . '/vendor/autoload.php');

// Configure API key authorization: Apikey
$config = Swagger\Client\Configuration::getDefaultConfiguration()->setApiKey('Apikey', 'YOUR_API_KEY');

// Create the API client with an HTTP client and the configuration above
$apiInstance = new Swagger\Client\Api\ContentThreatDetectionApi(
    new GuzzleHttp\Client(),
    $config
);
$value = "value_example"; // string | User-facing text input.

try {
    // Send the input text to the SQLI scanning endpoint and print the response
    $result = $apiInstance->contentThreatDetectionCheckSqlInjectionString($value);
    print_r($result);
} catch (Exception $e) {
    echo 'Exception when calling ContentThreatDetectionApi->contentThreatDetectionCheckSqlInjectionString: ', $e->getMessage(), PHP_EOL;
}
?>

We’ll just need a free Cloudmersive API key to authorize our API calls, and we’ll be able to make up to 800 SQLI scans each month with zero commitments.

No more code required! Now we can easily implement an important layer of content security for our PHP application.
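
As an added example (not Cloudmersive's code), the sketch below shows one way to act on a scan verdict while keeping the query itself safe: the verdict gates the input and fails closed when the scan errors, and the query uses a PDO bound parameter. The `$scan` callables, the `users` table and the sample inputs are constructed for illustration, and the `pdo_sqlite` extension is assumed to be available.

```php
<?php
// Added example: constructed table and inputs, in-memory SQLite through PDO.

// $scan is a hypothetical stand-in for the API call above: it returns true
// when input is flagged and may throw when the service cannot be reached.
function inputAllowed(callable $scan, string $value): bool
{
    try {
        return $scan($value) === false; // only an explicit "clean" verdict passes
    } catch (Throwable $e) {
        error_log('SQLI scan failed: ' . $e->getMessage());
        return false; // design choice in this example: fail closed
    }
}

// The query itself uses a bound parameter, so the value is never parsed as SQL.
function findUser(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (name) VALUES ('alice'), ('bob')");

// Constructed scanner stubs; the real service's detection logic is not shown here.
$flagQuotes = fn(string $v): bool => strpos($v, "'") !== false;
$unreachable = function (string $v): bool {
    throw new RuntimeException('connection timed out');
};

foreach (['alice', "bob' OR '1'='1"] as $input) {
    printf(
        "%-16s scan allows: %-3s rows via bound parameter: %d\n",
        $input,
        inputAllowed($flagQuotes, $input) ? 'yes' : 'no',
        count(findUser($db, $input)) // queried regardless, to show the second layer
    );
}
printf("scanner down, input allowed: %s\n", inputAllowed($unreachable, 'alice') ? 'yes' : 'no');
```

The second input is queried even though the stub flags it, to show that the bound parameter treats it as a literal name rather than as SQL.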
