Siksha Sarovar

Siksha Sarovar (sikshasarovar.com) is a free educational web application that helps students in India learn programming and prepare for academic and competitive exams. The platform offers structured coding courses (C, C++, Python, Java, HTML, CSS, PHP, Power BI, AI, Machine Learning, Data Science), complete university curriculum notes for BCA/MCA students with previous year question papers, Class 10 and Class 12 CBSE/HBSE school notes, and dedicated preparation material for SSC, UPSC, Banking, Railway and other government exams. Browsing the site is completely free and requires no account. Users may optionally sign in with Google solely to save their learning progress, quiz scores and personal preferences across devices.

21. Database Operations & Security

Lesson 18 of 29 in the free PHP Programming notes on Siksha Sarovar, written by Rohit Jangra.

Grid / Data Grid Options (Tabular Display)

Data grid means displaying database records in table format.

Common Grid Features

  • View records
  • Edit / Delete buttons
  • Sorting
  • Paging (Pagination)

Example: Display Records in Table

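// $result is assumed to hold the mysqli_result of an earlier SELECT query.
echo "<table border='1'>";
echo "<tr><th>ID</th><th>Name</th></tr>";

while ($row = mysqli_fetch_assoc($result)) {
   // Escape database values before printing them into HTML.
   echo "<tr>";
   echo "<td>" . htmlspecialchars((string)$row['id']) . "</td>";
   echo "<td>" . htmlspecialchars((string)$row['name']) . "</td>";
   echo "</tr>";
}
echo "</table>";

Exam Line: Data grids are used to display database records in tabular format.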

---

SQL Injection

SQL Injection is a security attack where malicious SQL code is inserted into input fields.

Example of SQL Injection

' OR '1'='1

Unsafe Query

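$sql = "SELECT * FROM users WHERE username='$u' AND password='$p'";

Here $u and $p are placed directly inside the SQL string, so input such as the example above becomes part of the query and changes the meaning of the WHERE clause.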

---

Prevention of SQL Injection

1. Prepared Statements

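// The ? placeholder keeps user input separate from the SQL text.
$stmt = mysqli_prepare($conn, "SELECT * FROM users WHERE username=?");
mysqli_stmt_bind_param($stmt, "s", $u);   // "s" = bind $u as a string
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);  // read rows with mysqli_fetch_assoc($result)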

2. Input Validation

  • Use filter_input()
  • Use RegEx

Input validation supports prepared statements; it does not replace them.

Exam Definition: SQL Injection is a technique to manipulate database queries using malicious input.
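
The unsafe query and its prevention from this lesson, run side by side as an added example (not part of the original notes). It assumes PDO with an in-memory SQLite database in place of the lesson's mysqli connection so it runs without a server; the table contents, the user alice and the function names are constructed for illustration.

```php
<?php
// Added example: constructed data, PDO + SQLite standing in for MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)");
$ins = $db->prepare("INSERT INTO users (username, password_hash) VALUES (?, ?)");
$ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Unsafe: input is concatenated into the SQL text, as in the lesson's "Unsafe Query".
function login_unsafe(PDO $db, string $u, string $p): bool {
    $sql = "SELECT * FROM users WHERE username='$u' AND password_hash='$p'";
    echo "SQL sent to the database: $sql\n";
    return $db->query($sql)->fetch() !== false;
}

// Safe: validation first, then a bound parameter, then password_verify().
function login_safe(PDO $db, string $u, string $p): bool {
    // Input validation (RegEx): 3-32 letters, digits or underscore only.
    if (!preg_match('/^[A-Za-z0-9_]{3,32}$/', $u)) {
        return false;
    }
    // Prepared statement: $u is sent as data and never parsed as SQL.
    $stmt = $db->prepare("SELECT password_hash FROM users WHERE username = ?");
    $stmt->execute([$u]);
    $hash = $stmt->fetchColumn();
    return $hash !== false && password_verify($p, $hash);
}

$payload = "' OR '1'='1";   // the input shown in the lesson

// The payload closes the quoted value and appends a condition that is always true.
echo "unsafe, payload as password:  ";
var_dump(login_unsafe($db, 'alice', $payload));

// With a bound parameter the same payload is only a wrong password.
echo "safe, payload as password:    ";
var_dump(login_safe($db, 'alice', $payload));

// As a username it fails validation before any query is run.
echo "safe, payload as username:    ";
var_dump(login_safe($db, $payload, $payload));

// The genuine password still works.
echo "safe, correct password:       ";
var_dump(login_safe($db, 'alice', 'correct horse'));
```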