Easy
Question: Identify which code snippet has an SQL injection vulnerability:
Code A:
<?php
$pdo = new PDO('mysql:host=localhost;dbname=my_database', 'user', 'password');
$id = $_GET['id'];
$sql = "SELECT * FROM users WHERE id = " . $id;
$result = $pdo->query($sql);
?>
Code B:
<?php
$pdo = new PDO('mysql:host=localhost;dbname=my_database', 'user', 'password');
$id = $_GET['id'];
$sql = "SELECT * FROM users WHERE id = :id";
$stmt = $pdo->prepare($sql);
$stmt->bindParam(':id', $id, PDO::PARAM_INT);
$stmt->execute();
?>
Author: Lucas JAHIER
Status: Published
Question passed 96 times