
Here's the code I'm using in PHP. I was wondering if it's SQL injection proof or if I need to do something more to make it more secure against SQL injections:

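$server = "localhost";
$user = "username";
$pass = "password";

try {
    $conn = new PDO("mysql:host=$server;dbname=mydatabase", $user, $pass);
    // Use real server-side prepared statements instead of client-side emulation.
    $conn->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    // Make PDO throw PDOException on errors instead of failing silently.
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
}
catch (PDOException $error) {
    echo 'Something Went Wrong' . $error->getMessage();
    exit; // $conn is not usable if the connection failed
}

try {
    // Static query: no external input is part of the SQL text.
    $items = $conn->prepare("SELECT * FROM menu_items");
    $items->execute();
    if ($items->rowCount() == 0) {
        echo 'No Data In Records';
    } else {
        // Only emit JSON when there are rows, so the output stays valid JSON.
        echo json_encode($items->fetchAll(PDO::FETCH_ASSOC));
    }
}
catch (PDOException $error) {
    // The original discarded the message; report it like the first handler does.
    echo 'Something Went Wrong' . $error->getMessage();
}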
Kalui
  • Given there's absolutely no external input to this script, I'd say it's pretty safe – Phil Oct 22 '20 at 04:54
  • Your SQL query is 100% static. The only things that might get injected in your code are server credentials, but I hope you don't prompt the user for them. – Álvaro González Oct 22 '20 at 16:58
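
Added example (not part of the question or its comments): what changes once the query is no longer static. It runs against an in-memory SQLite database through PDO so no server is needed; the `menu_items` columns, the sample rows, the `$category` value and the `orderByColumn()` helper are constructed for illustration.

```php
<?php
// Added example, not the asker's code. SQLite in-memory stands in for MySQL;
// the table columns and rows below are constructed sample data.
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec("CREATE TABLE menu_items (id INTEGER PRIMARY KEY, name TEXT, category TEXT, hidden INTEGER)");
$conn->exec("INSERT INTO menu_items (name, category, hidden) VALUES
    ('Espresso', 'drinks', 0), ('Bagel', 'food', 0), ('Staff special', 'drinks', 1)");

// Constructed value standing in for request input such as $_GET['category'].
$category = "food' OR '1'='1";

// 1. Input concatenated into the SQL text: the value is parsed as SQL, so the
//    quote ends the string literal and the hidden = 0 filter no longer holds
//    (AND binds tighter than OR).
$concatenated = $conn->query(
    "SELECT name FROM menu_items WHERE hidden = 0 AND category = '$category'"
)->fetchAll(PDO::FETCH_COLUMN);

// 2. Same query with a bound parameter: the value travels as data and is
//    compared as one literal string, which matches no category.
$stmt = $conn->prepare(
    "SELECT name FROM menu_items WHERE hidden = 0 AND category = :category"
);
$stmt->execute([':category' => $category]);
$bound = $stmt->fetchAll(PDO::FETCH_COLUMN);

// 3. Identifiers (column names, sort direction) cannot be bound as parameters.
//    Map the request value onto a fixed allow-list instead (hypothetical helper).
function orderByColumn(string $requested): string
{
    $allowed = ['name', 'category'];
    return in_array($requested, $allowed, true) ? $requested : 'name';
}
$sort = orderByColumn('hidden'); // not on the allow-list, falls back to 'name'
$sorted = $conn->query(
    "SELECT name FROM menu_items WHERE hidden = 0 ORDER BY $sort"
)->fetchAll(PDO::FETCH_COLUMN);

echo json_encode([
    'concatenated' => $concatenated, // includes the hidden row
    'bound'        => $bound,        // empty: the input stayed data
    'sorted'       => $sorted,
]), PHP_EOL;
```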

0 Answers