Understanding PHP MySQL Prepared Statements Security

Asked 2 years ago, Updated 2 years ago, 148 views

I made the following prepaid statement.
id:int type, name:varcher type, area:int type.
Assume area is a number from 1 to 10 that represents the position where you live.
For example, 1=Kanto, 2=Kansai, 3=Shikoku, ...

In this case, how do I retrieve user data for all regions?

For example, 

 if($area==0){
  $db->query("SELECT id, name FROM user");
} else {
  $ps=$db->prepare("SELECT id, name FROM user WHERE area=:area");
  $ps->bindValue(':area', (int)$area, PDO::PARAM_INT);
  $ps->execute();
}

Is there no security problem with this?

php mysql security

2022-09-30 21:17

1 Answers

In conclusion, I think there is no problem with implementing the contents.

$db->query("SELECT id, name FROM user");

I don't think there are any security issues mentioned above.
*As this is a sample, I will leave the details behind.

If you want to summarize it in one SQL, I think you can do it by using the OR clause.

2022-09-30 21:17

If you have any answers or tips

Popular Tags
python x 4647
android x 1593
java x 1494
javascript x 1427
c x 927
c++ x 878
ruby-on-rails x 696
php x 692
python3 x 685
html x 656
Popular Questions

581 PHP ssh2_scp_send fails to send files as intended

609 GDB gets version error when attempting to debug with the Presense SDK (IDE)

578 Understanding How to Configure Google API Key

910 When building Fast API+Uvicorn environment with PyInstaller, console=False results in an error

1022 In Java servlet, when SHA-256 sends WW-Authenticate header for digest authentication, the client does not return the result.

© 2024 OneMinuteCode. All rights reserved.