i was learning the sql injection prevention and after learning it , wanted to see my current code what if it could have an sql injection
here is one of the statements i have in my code
Expand|Select|Wrap|Line Numbers
- $bung_id=$_GET['bung_id'];
- $q_B="SELECT * FROM bungalows WHERE bungalow.bung_id='$bung_id'";
- $r_B=execute($q_B);
Expand|Select|Wrap|Line Numbers
- http://localhost/site/bungalowdetail.php?bung_id=12
regards,
Omer Aslam