sql injection pada PDO

kurang ngerti @sekarbumi maksud pertanyaannya apa? "hanya dua kata" dua kata apa? dan menggunakan 4 data apa?

Maksud nya gini gan ?

 ("SELECT * FROM users WHERE username = ? AND email = ? AND password = ? AND password_verify = ?")

Bisa kok gituu mbak.. kecuali pake OR harus nentuin dulu sesuai kebutuhan mbak dengan tanda kurung.. Misal :

 ("SELECT * FROM users WHERE username = ? AND email = ? AND ( password = ? OR password_verify = ?)")

kenapa masih gagal ya mas dodi? ini hasil errornya mas

Notice: Undefined variable: username in C:\xampp\htdocs\falah\register.php on line 24

Notice: Undefined variable: email in C:\xampp\htdocs\falah\register.php on line 24

Notice: Undefined variable: password in C:\xampp\htdocs\falah\register.php on line 24

Notice: Undefined variable: password2 in C:\xampp\htdocs\falah\register.php on line 24

Fatal error: Uncaught PDOException: SQLSTATE[42S22]: Column not found: 1054 Unknown column 'email' in 'where clause' in C:\xampp\htdocs\falah\register.php:24 Stack trace: #0 C:\xampp\htdocs\falah\register.php(24): PDOStatement->execute(Array) #1 {main} thrown in C:\xampp\htdocs\falah\register.php on line 24

disitu katanya unknown column `email`

coba cek lagi query nya

"SELECT * FROM `users` WHERE `username`= '$username' AND `email`<--kemungkinan ada disini = '$email' AND `password` = '$password' AND `password_verify` = '$password_verify'";

Coba tampilin kode mu disini mbak..

terimakasih mas @punyaarn

bagaimana caranya nampilin kode saya diforum ini mas dod, kaya yang pernah mas dodi tampiliin itu mas? saya masih bingung mas

pertama klik ini

setelah ituu masukin kode disini

 <?php
session_start();

$link = new mysqli ('localhost', 'root', '');
$sql = "CREATE DATABASE authentication";
$link->query($sql);

$server = 'localhost';
$user = 'root';
$pass  = '';
$db = 'authentication';

try {
$conn = new PDO ("mysql:host=$server;dbname=$db", $user, $pass);
$conn->setAttribute (PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// echo 'Berhasil';
} catch (PDOException $se) {
  echo $se->getMessage();
}

if (isset($_POST['register'])) {
     //session_start();
     $query = $conn->prepare("SELECT * FROM users WHERE username = ? AND email = ? AND password = ? AND password2 = ?");
     $query-> execute(array($username, $email, $password, $password2));
     $query-> bindValue(PDO::PARAM_STR);

    if ($password == $password2) {
        $password = password_hash($password, PASSWORD_DEFAULT);
        $sql = "INSERT INTO users (username, email, password) VALUES ('$username', '$email', '$password')";
        $conn->query($sql);
        $_SESSION['message'] = "You are now logged in";
        $_SESSION['username'] = $username;
        header ('location: home.php');
    } else {
        $_SESSION['message'] = 'The two password do not match';
    }
}

?>

<!DOCTYPE html>
<html>
  <head>
    <meta charset="utf-8">
    <title></title>
    <link rel="stylesheet" href="style.css">
  </head>
  <body>
    <div class="header">
      <h1>Salma Zur'atul Falah</h1>
    </div>

    <form class="kelas" action="register.php" method="post">
      <table>
        <tr>
          <td>Username</td>
          <td><input type="text" name="username" class="textInput"></td>
        </tr>
        <tr>
          <td>Email</td>
          <td><input type="email" name="email" class="textInput"></td>
        </tr>
        <tr>
          <td>Password</td>
          <td><input type="password" name="password" class="textInput"></td>
        </tr>
        <tr>
          <td>Password Confirm</td>
          <td><input type="password" name="password2" class="textInput"></td>
        </tr>
        <tr>
          <td></td>
          <td><input type="submit" name="register" value="Register" class="register"></td>
        </tr>
      </table>
    </form>

  </body>
</html>

itu kodenya mas

mohon dikoreksi ya mas dod :)

Coba pelajari ini mbak.. ada kesalahan di variable username, email dan lain2.

https://sekolahkoding.com/kelas/belajar-pdo-database-php/video/prepared-statement-pdo

terimakasih banyak mas dodi :)