Understanding PHP MySQL Prepared Statements Security

Asked 1 year ago, Updated 1 year ago, 111 views

I made the following prepared statement.
id: int type, name: varchar type, area: int type.
Assume area is a number from 1 to 10 that represents the position where you live.
For example, 1=Kanto, 2=Kansai, 3=Shikoku, ...

In this case, how do I retrieve user data for all regions?

For example,

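 // area 0 means "all regions": the SQL text is constant, so nothing is bound
 if ($area == 0) {
   $ps = $db->query("SELECT id, name FROM user");
 } else {
   // the user-supplied value only reaches the query as a bound integer
   $ps = $db->prepare("SELECT id, name FROM user WHERE area = :area");
   $ps->bindValue(':area', (int)$area, PDO::PARAM_INT);
   $ps->execute();
 }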

Is there no security problem with this?

php mysql security

2022-09-30 21:17

1 Answer

In conclusion, I think there is no problem with implementing the contents.

$db->query("SELECT id, name FROM user");

I don't think there are any security issues mentioned above.
*As this is a sample, I will leave the details behind.

If you want to summarize it in one SQL, I think you can do it by using the OR clause.


2022-09-30 21:17
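The single-statement form with OR that the answer mentions, as an added example (not code from the question or the answer). The function name `fetchUsersByArea`, the `:all_areas` placeholder, and the in-memory SQLite database with constructed rows are assumptions so that it runs without a MySQL server; the same PDO calls apply to a MySQL connection.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: 0 means "all regions", 1..10 selects one region.
function fetchUsersByArea(PDO $db, mixed $rawArea): array
{
    // Validate before touching SQL: reject anything that is not an integer in 0..10.
    $area = filter_var($rawArea, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 10]]);
    if ($area === false) {
        throw new InvalidArgumentException('area must be an integer from 0 to 10');
    }

    // One statement for both cases. Two distinct placeholder names are used
    // because a named placeholder cannot be repeated when emulated prepares are off.
    $ps = $db->prepare(
        'SELECT id, name FROM user WHERE (:all_areas = 1 OR area = :area) ORDER BY id'
    );
    $ps->bindValue(':all_areas', $area === 0 ? 1 : 0, PDO::PARAM_INT);
    $ps->bindValue(':area', $area, PDO::PARAM_INT);
    $ps->execute();
    return $ps->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database (assumption for the demo).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (id INTEGER PRIMARY KEY, name TEXT, area INTEGER)');
$db->exec("INSERT INTO user (id, name, area)
           VALUES (1, 'Sato', 1), (2, 'Suzuki', 2), (3, 'Tanaka', 2)");

// Constructed inputs: all regions, one region, and a non-integer string.
foreach (['0', '2', '2 OR 1=1'] as $input) {
    try {
        $rows = fetchUsersByArea($db, $input);
        printf("%s => %d row(s)\n", var_export($input, true), count($rows));
    } catch (InvalidArgumentException $e) {
        printf("%s => rejected: %s\n", var_export($input, true), $e->getMessage());
    }
}
```

The SQL text is identical for every request, so the only thing that varies is bound integer data, and the range check stops out-of-range or non-numeric input before the query runs.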
