Easy
Question: Identify which code snippet has an SQL injection vulnerability:
Code A:
<?php
$pdo = new PDO('mysql:host=localhost;dbname=my_database', 'user', 'password');
$id = $_GET['id'];
$sql = "SELECT * FROM users WHERE id = " . $id;
$result = $pdo->query($sql);
?>
Code B:
<?php
$pdo = new PDO('mysql:host=localhost;dbname=my_database', 'user', 'password');
$id = $_GET['id'];
$sql = "SELECT * FROM users WHERE id = :id";
$stmt = $pdo->prepare($sql);
$stmt->bindParam(':id', $id, PDO::PARAM_INT);
$stmt->execute();
?>
Author: Lucas JAHIERStatus: PublishedQuestion passed 69 times
Edit
2
Community EvaluationsNo one has reviewed this question yet, be the first!
3
How to securely store secrets in a microservice architecture?3
What is the name of the discipline that aims to build a system that can withstand unpredictable changes?2
What are the main objectives of a Security Information and Event Management (SIEM) system?4
What is the Zero Trust security model?2
What is DevSecOps?2
List the top 10 most common web security vulnerabilities.3
How to improve the security of your infrastructure?