
Basic SQL Injections?

I was told in a previous question that my query is prone to SQL injections.

$get_stats = mysql_query("SELECT * 
                                FROM visitors 
                               WHERE site='$_GET[site]' 
                                 AND date BETWEEN '$start_date' AND '$end_date' ");

What would be the easiest way to approach this problem? And do you have some further reading on the subject of injections? (something that I might miss on Google). Thanks!

Norbert asked Nov 28 '22 23:11


1 Answer

Use Prepared Statements.

In most cases, Prepared Statements do the job of combining your query with your parameters, in a safe manner.

RichieHindle answered Dec 11 '22 09:12
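
The query from the question rewritten with a prepared statement, as an added example that is not part of the original question or answer. It assumes PDO with an in-memory SQLite database so it runs offline; the `hits` column, the sample rows and the `get_stats()` helper are constructed for illustration.

```php
<?php
// Added example: constructed schema and sample rows, not from the original post.
// In-memory SQLite keeps this runnable offline. For MySQL only the DSN changes,
// e.g. new PDO('mysql:host=...;dbname=...;charset=utf8mb4', $user, $pass);
// with pdo_mysql, also set PDO::ATTR_EMULATE_PREPARES to false so the server
// prepares the statement instead of PDO emulating it.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$pdo->exec('CREATE TABLE visitors (site TEXT, date TEXT, hits INTEGER)');
$pdo->exec("INSERT INTO visitors VALUES
    ('example.com',   '2022-11-01', 10),
    ('example.com',   '2022-12-01', 7),
    ('other.example', '2022-11-15', 3)");

// Hypothetical helper: same query as in the question, with bound parameters.
function get_stats(PDO $pdo, string $site, string $start, string $end): array
{
    // Validate the dates as data before they get anywhere near the query.
    foreach ([$start, $end] as $d) {
        $parsed = DateTime::createFromFormat('!Y-m-d', $d);
        if ($parsed === false || $parsed->format('Y-m-d') !== $d) {
            throw new InvalidArgumentException("Bad date: $d");
        }
    }
    // Placeholders keep the SQL text fixed; the values travel separately.
    $stmt = $pdo->prepare(
        'SELECT site, date, hits FROM visitors
          WHERE site = :site AND date BETWEEN :start AND :end'
    );
    $stmt->execute([':site' => $site, ':start' => $start, ':end' => $end]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed stand-ins for $_GET['site'], $start_date and $end_date.
$rows = get_stats($pdo, 'example.com', '2022-11-01', '2022-11-30');
echo count($rows), " row(s) for example.com\n";

// A value containing a quote is compared as a literal string, not parsed as SQL.
$rows = get_stats($pdo, "o'brien.example", '2022-11-01', '2022-11-30');
echo count($rows), " row(s) for o'brien.example\n";
```

The original `mysql_query()` call has no way to bind parameters, and the `mysql_*` extension was removed in PHP 7, so moving to PDO or mysqli is required either way.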