I am new to this, can anyone help me please?
It was said to me that an SQL injection exploit can read sensitive data from the database with this way of coding, and I need to parameterize the SQL queries so that the application is not vulnerable to SQL injection. Can someone help me with that?
if(isset($_GET['n']))
{
$id=$_GET['n'];
$query= mysql_query("select * from announcements where announce_id=" . $id);
while($row= mysql_fetch_array($query))
This should do this, for example: announcement.php?ann=223
Thank you very much.
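
A parameterized form of the lookup in the post above, as an added example that is not part of the original post. It uses PDO because the `mysql_*` functions were removed in PHP 7. The function name `find_announcement`, the DSN, the database name and the credentials are placeholders assumed for illustration.

```php
<?php
// Added example: parameterized version of the announcement lookup.
// Assumptions (not from the original post): PDO with the MySQL driver,
// placeholder host, database name and credentials.

function find_announcement(PDO $pdo, $rawId): array
{
    // Reject anything that is not an integer (this also rejects arrays such
    // as ?n[]=1) before the value gets anywhere near the database.
    $id = filter_var($rawId, FILTER_VALIDATE_INT);
    if ($id === false) {
        return [];
    }

    // The SQL text is fixed; the value is sent separately as a bound
    // parameter, so it is never parsed as part of the statement.
    $stmt = $pdo->prepare('SELECT * FROM announcements WHERE announce_id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();

    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$pdo = new PDO(
    'mysql:host=localhost;dbname=example_db;charset=utf8mb4', // placeholder DSN
    'example_user',                                            // placeholder user
    'example_password',                                        // placeholder password
    [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepared statements
    ]
);

if (isset($_GET['n'])) {
    foreach (find_announcement($pdo, $_GET['n']) as $row) {
        foreach ($row as $column => $value) {
            // Escape on output so stored data cannot inject HTML into the page.
            echo htmlspecialchars($column, ENT_QUOTES, 'UTF-8'), ': ',
                 htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8'), "<br>\n";
        }
    }
}
```

The integer check and the bound parameter are two separate layers: the bound parameter alone is what removes the injection, and the check keeps malformed requests from reaching the database at all.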