I want to prevent SQL injection in Question2Answer.
This is how I store data in MySQL via HTML form. I know it's a security risk.
Examples -
$price = $_POST['price'];
OR
$price = array_key_exists('price', $_POST) ? $_POST['price'] : "";
and SQL query is -
$insertqry = qa_db_query_sub("INSERT INTO test_table (title, price) VALUES ('$title','$price')");
How should I post data in the latest PHP 7 and above version?
I think escaping strings is deprecated or outdated.
Based on what little information I can find you need to use qa_db_query_sub with placeholder values:
qa_db_query_sub("INSERT INTO test_table (title, price) VALUES ($,$)", $title, $price);
You will want to check with the official documentation, which I can't find, to be sure that's correct.
As a note, if you're trying to build a full application I'm not sure this platform is the best to build on top of. There are a lot of other frameworks that are much better documented and have a lot more community support.