
Implementation PDO Parameterized Query to Prevent SQL Injection

International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Year of Publication: 2016
Maksy Sendiang, Ottopianus Mellolo, Maureen Langie

Maksy Sendiang, Ottopianus Mellolo and Maureen Langie. Implementation PDO Parameterized Query to Prevent SQL Injection. International Journal of Computer Applications 149(11):27-31, September 2016. BibTeX

	author = {Maksy Sendiang and Ottopianus Mellolo and Maureen Langie},
	title = {Implementation PDO Parameterized Query to Prevent SQL Injection},
	journal = {International Journal of Computer Applications},
	issue_date = {September 2016},
	volume = {149},
	number = {11},
	month = {Sep},
	year = {2016},
	issn = {0975-8887},
	pages = {27-31},
	numpages = {5},
	url = {},
	doi = {10.5120/ijca2016911619},
	publisher = {Foundation of Computer Science (FCS), NY, USA},
	address = {New York, USA}


SQL injection is one of the threats to applications connected to a database. By exploiting SQL injection, an attacker can gain full access to the application or the database and can even delete significant data. Applications that do not validate user input appropriately are vulnerable to SQL injection. Various methods have been developed to prevent SQL injection, each with advantages and disadvantages. Implementing PDO parameterized queries properly can prevent SQL injection. PDO not only provides a method that facilitates the implementation of parameterized queries but also makes the code portable, because PDO can be used with multiple databases. This paper describes the results of research on the use of PDO parameterized queries in a scheduling application. By using PDO parameterized queries, this application is not vulnerable to attacks caused by SQL injection.
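Added example (not code from the paper) of the contrast the abstract describes: the same lookup in a scheduling table written once with string concatenation and once with a PDO parameterized query, run against an in-memory SQLite database so it needs no server; the table, column names and inputs are constructed for illustration. With the constructed tautology input the concatenated query returns every row, while the prepared statement, whose SQL text is fixed before the value is bound, returns none.

```php
<?php
// Added example, not from the paper. Table and columns are assumed
// for illustration; SQLite in memory stands in for the paper's database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// On MySQL, also set PDO::ATTR_EMULATE_PREPARES to false so the server,
// not the client library, binds the values.

$pdo->exec('CREATE TABLE schedule (id INTEGER PRIMARY KEY, lecturer TEXT, room TEXT)');
$pdo->exec("INSERT INTO schedule (lecturer, room) VALUES
            ('Sendiang', 'R101'), ('Mellolo', 'R102'), ('Langie', 'R103')");

// Vulnerable form: the user-supplied value becomes part of the SQL text,
// so quote characters in the input change the query's structure.
function findRoomsVulnerable(PDO $pdo, string $lecturer): array
{
    $sql = "SELECT room FROM schedule WHERE lecturer = '" . $lecturer . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened form: the SQL text is fixed at prepare time and the value is
// sent separately as a bound parameter, so it is only ever compared as data.
function findRoomsParameterized(PDO $pdo, string $lecturer): array
{
    $stmt = $pdo->prepare('SELECT room FROM schedule WHERE lecturer = :lecturer');
    $stmt->bindValue(':lecturer', $lecturer, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: a normal lookup and the classic tautology payload.
$inputs = ['Sendiang', "' OR '1'='1"];
foreach ($inputs as $input) {
    printf(
        "%-16s concatenated=%d rows  parameterized=%d rows\n",
        json_encode($input),
        count(findRoomsVulnerable($pdo, $input)),
        count(findRoomsParameterized($pdo, $input))
    );
}
```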




PDO, parameterized query, SQL injection