I've used a prepared statement when inserting into the database. How can I test that it prevents SQL injections using PHP and MySQL?
Here's the code:
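$addQuery = "INSERT INTO Test(firstName, lastName) VALUES(?,?)";
$addStatement = $this->dbc->prepare($addQuery);
// bind_param() takes its arguments by reference, so they must be variables
$firstName = 'Test';
$lastName = 'Test';
$addStatement->bind_param('ss', $firstName, $lastName);
$addStatement->execute();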
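
One way to run such a test, as an added example that is not part of the original question: push strings full of SQL metacharacters through the same prepared INSERT, then check that each one comes back byte-for-byte and that the table holds exactly one row per insert. The connection details, the `scratch_db` database and the temporary copy of the `Test` table are assumptions, and the payload strings are constructed test inputs.

```php
<?php
// Added example. Host, user, password and database are placeholders (assumptions).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$dbc = new mysqli('127.0.0.1', 'test_user', 'test_password', 'scratch_db');

// Temporary table with the question's columns; it disappears on disconnect.
$dbc->query('CREATE TEMPORARY TABLE Test (firstName VARCHAR(255), lastName VARCHAR(255))');

// Constructed inputs that would change the statement if they were concatenated into it.
$payloads = [
    "Robert'); DROP TABLE Test; -- ",
    "' OR '1'='1",
    'x", "y"); -- ',
    "back\\slash and 'quote'",
];

$add = $dbc->prepare('INSERT INTO Test(firstName, lastName) VALUES(?,?)');
$get = $dbc->prepare('SELECT firstName FROM Test WHERE lastName = ?');

foreach ($payloads as $i => $payload) {
    $tag = "row$i"; // unique marker so the row can be read back
    $add->bind_param('ss', $payload, $tag);
    $add->execute();
    if ($add->affected_rows !== 1) {
        throw new RuntimeException("payload $i: expected exactly one inserted row");
    }

    $get->bind_param('s', $tag);
    $get->execute();
    $get->store_result();
    $get->bind_result($stored);
    $get->fetch();
    // The value must be stored as plain data, unchanged and unexecuted.
    if ($get->num_rows !== 1 || $stored !== $payload) {
        throw new RuntimeException("payload $i was altered or interpreted as SQL");
    }
    $get->free_result();
}

// The table must still exist and contain one row per payload, nothing more.
$total = (int) $dbc->query('SELECT COUNT(*) FROM Test')->fetch_row()[0];
if ($total !== count($payloads)) {
    throw new RuntimeException("expected " . count($payloads) . " rows, found $total");
}
echo "All payloads were stored verbatim as data.\n";
```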