<p>I was told in a previous question that my query is prone to SQL injections.</p> <pre class="prettyprint"><code>get_stats = mysql_query("SELECT * FROM visitors WHERE site='$_GET[site]' AND date BETWEEN '$start_date' AND '$end_date' "); </code></pre> <p>What would be the easiest way to approach this problem? And do you have some further reading on the subject of injections? (something that I might miss on Google). Thanks!</p>

Basic SQL Injections?

Tags:

sql

php

mysql

sql-injection

I was told in a previous question that my query is prone to SQL injections.

get_stats = mysql_query("SELECT * 
                               FROM visitors 
                              WHERE site='$_GET[site]' 
                                AND date BETWEEN '$start_date' AND '$end_date' ");

What would be the easiest way to approach this problem? And do you have some further reading on the subject of injections? (something that I might miss on Google). Thanks!