Question from the Cybersec for techs : reinforce your basics test

How to prevent SQL injection in PHP?

Easy

Question: Identify which code snippet has an SQL injection vulnerability:

Code A:

<?php
$pdo = new PDO('mysql:host=localhost;dbname=my_database', 'user', 'password');

$id = $_GET['id'];

$sql = "SELECT * FROM users WHERE id = " . $id;
$result = $pdo->query($sql);
?>

Code B:

<?php
$pdo = new PDO('mysql:host=localhost;dbname=my_database', 'user', 'password');

$id = $_GET['id'];

$sql = "SELECT * FROM users WHERE id = :id";
$stmt = $pdo->prepare($sql);
$stmt->bindParam(':id', $id, PDO::PARAM_INT);
$stmt->execute();
?>
Author: Lucas JAHIERStatus: PublishedQuestion passed 11 times
Edit
2
Community Evaluations
developer avatar
Dragon parfait
08/11/2024
Moi je trouve ça bien qu'on ait une question PDO. Peut-ĂȘtre qu'on peut en ajouter d'autres similaires avec d'autres langages