I'm new to PDO, and I was wondering if my code is safe from SQL Injection, and if there's something I can improve to make it safer or even cleaner.

    // Named placeholders: the values are sent separately from the SQL text
    $statement = $pdo->prepare("INSERT INTO login_users (username, user_level, name, email, password, expires)
        VALUES (:username, :user_level, :name, :email, :password, :expires)");
    // PDO accepts the placeholder names without the leading colon in the execute() array
    $statement->execute(array(
        "username"   => $_POST['username'],
        "user_level" => $_POST['user_level'],
        "name"       => $_POST['name'],
        "email"      => $_POST['email'],
        "password"   => $_POST['val-password'],
        "expires"    => $_POST['expires'] . ' ' . $_POST['default-hours']
    ));
Vinny
    You need to learn what SQL injection is, and then you'll be able to trivially decide if you're safe or not. **THIS** particular query is "safe", but we're not here to double-check every single query you write. Once you know the concepts and understand the problem, you won't need us to hold your hand. – Marc B Nov 02 '16 at 17:16
  • Thanks, I will start learning about it. – Vinny Nov 02 '16 at 17:35

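As an added, self-contained illustration of the point made in the comments (this is not the asker's code, and it is not a posted answer): the script below runs the question's INSERT against an in-memory SQLite database twice, once with request data spliced into the SQL string and once with PDO placeholders, and then shows what each stored. `$input` is a constructed stand-in for `$_POST`, the table definition and the allowed user levels in `registrationRow()` are assumptions, and `registrationRow()` itself is a hypothetical helper showing two hardening steps the question's snippet does not take: hashing the password and not letting the client choose its own `user_level`.

```php
<?php
// Added example, not from the question: why bound parameters are not
// injectable, and two hardening steps on top of them. Runs offline against
// an in-memory SQLite database (assumed schema below).

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE login_users (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    username TEXT NOT NULL, user_level INTEGER NOT NULL,
    name TEXT, email TEXT, password TEXT NOT NULL, expires TEXT)");

// Constructed request data standing in for $_POST. The username closes the
// VALUES list early and comments out the rest, so that in a spliced query
// the request controls every column, user_level included.
$input = [
    'username'      => "bob', 9, 'x', 'x', 'x', 'x'); -- ",
    'user_level'    => '1',
    'name'          => 'Bob',
    'email'         => 'bob@example.com',
    'val-password'  => 'correct horse battery staple',
    'expires'       => '2016-12-31',
    'default-hours' => '23:59:59',
];

// VULNERABLE form (what the question correctly avoids): request data becomes
// part of the SQL text, so it can change the statement's structure.
$unsafe = "INSERT INTO login_users (username, user_level, name, email, password, expires) "
        . "VALUES ('{$input['username']}', '{$input['user_level']}', '{$input['name']}', "
        . "'{$input['email']}', '{$input['val-password']}', "
        . "'{$input['expires']} {$input['default-hours']}')";
$pdo->exec($unsafe);

// SAFE form, as in the question: the SQL text is fixed at prepare() time and
// the values travel separately, so the payload is stored as a plain string.
$statement = $pdo->prepare(
    "INSERT INTO login_users (username, user_level, name, email, password, expires)
     VALUES (:username, :user_level, :name, :email, :password, :expires)");
$statement->execute([
    'username'   => $input['username'],
    'user_level' => $input['user_level'],
    'name'       => $input['name'],
    'email'      => $input['email'],
    'password'   => $input['val-password'],
    'expires'    => $input['expires'] . ' ' . $input['default-hours'],
]);

// Show what each variant actually wrote: compare username and user_level.
foreach ($pdo->query("SELECT id, username, user_level FROM login_users ORDER BY id") as $row) {
    printf("row %d: username=%s user_level=%d\n", $row['id'], $row['username'], $row['user_level']);
}

// Hypothetical hardening helper (assumption, not from the question): the
// parameter binding stops injection but does nothing about storing a
// plaintext password or trusting the client-supplied user_level.
function registrationRow(array $post, int $userLevel): array
{
    $allowedLevels = [1, 2, 3];                       // assumed set of roles
    if (!in_array($userLevel, $allowedLevels, true)) { // chosen server-side
        throw new InvalidArgumentException('unknown user level');
    }
    if (filter_var($post['email'], FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid e-mail address');
    }
    return [
        'username'   => $post['username'],
        'user_level' => $userLevel,
        'name'       => $post['name'],
        'email'      => $post['email'],
        'password'   => password_hash($post['val-password'], PASSWORD_DEFAULT),
        'expires'    => $post['expires'] . ' ' . $post['default-hours'],
    ];
}

// Same prepared statement, hardened input: the hash is what gets stored.
$statement->execute(registrationRow($input, 1));
```

Running it, the first row (string splicing) is the one the payload wrote, with `user_level` 9 and the trailing columns supplied by the attacker, while the second row (prepared statement) holds the whole payload verbatim as its username with `user_level` 1. That difference is the entire SQL-injection question; the remaining risks in the snippet are about what is stored (a plaintext password) and what is trusted (a client-chosen `user_level`), which `registrationRow()` addresses.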
0 Answers