Medium
Question: Identify which code snippet has an SQL injection vulnerability:
Code A:
<?php
$pdo = new PDO('mysql:host=localhost;dbname=my_database', 'user', 'password');
$id = $_GET['id'];
$sql = "SELECT * FROM users WHERE id = " . $id;
$result = $pdo->query($sql);
?>
Code B:
<?php
$pdo = new PDO('mysql:host=localhost;dbname=my_database', 'user', 'password');
$id = $_GET['id'];
$sql = "SELECT * FROM users WHERE id = :id";
$stmt = $pdo->prepare($sql);
$stmt->bindParam(':id', $id, PDO::PARAM_INT);
$stmt->execute();
?>
Author: Lucas JAHIER
Status: Published