Tag: sql injection

Question: The objective of the question is to have one or several well-constructed answers that serve as reference when the mysql_* extension is being used in the code. Answering questions here on Stack Overflow, I am surprised at the number of users who still maintain code that includes the mysql_* API or extension to handle the data, although in the PHP ..


Question: Dynamic statements are SQL statements that are created as text strings (strings) and in which values derived from a source (usually from the user) are inserted / concatenated, which can make them vulnerable to SQL injection if the entries are not sanitized, such as: $id_usuario = $_POST["id"]; mysql_query("SELECT * FROM usuarios WHERE id ..
