== How to fix it in Core PHP

=== Code examples

include::../../common/fix/code-rationale.adoc[]

==== Noncompliant code example

[source,php,diff-id=1,diff-type=noncompliant]
----
class AuthenticationHandler {

    public mysqli $conn;

    function authenticate() {
        $user = $_POST['user'];
        $pass = $_POST['pass'];
        $authenticated = false;

        $query = "SELECT * FROM users WHERE user = '" . $user . "' AND pass = '" . $pass . "'";

        $stmt = $this->conn->query($query); // Noncompliant

        if ($stmt->num_rows == 1) {
          $authenticated = true;
        }

        return $authenticated;
    }
}
----

==== Compliant solution

[source,php,diff-id=1,diff-type=compliant]
----
class AuthenticationHandler {

    public mysqli $conn;

    function authenticate() {
        $user = $_POST['user'];
        $pass = $_POST['pass'];
        $authenticated = false;

        $query = "SELECT * FROM users WHERE user = :user AND pass = :pass";

        $stmt = $this->conn->prepare($query);
        $stmt->bind_param(":user", $user);
        $stmt->bind_param(":pass", $pass);
        $stmt->execute();

        $stmt->store_result();

        if ( $stmt->num_rows == 1) {
          $authenticated = true;
        }

        return $authenticated;
    }
}
----

=== How does this work?

include::../../common/fix/prepared-statements.adoc[]