manix
Posted October 23, 2011

Do I need to escape variables passed via link? Is it possible that someone does an SQL injection via an unescaped $_GET variable? (Yes, I am using it in an SQL query, not inserting it into a DB though.)

awjudd
Posted October 23, 2011

Yes, you do. Anything from the user should be sanitized.

~juddster
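
An added example, not part of the thread or either poster's code: it shows why a read-only SELECT built from a `$_GET` value is still injectable, next to a version that validates the value and passes it as a bound parameter (PDO prepared statement) instead of relying on string escaping. The `articles` table, its rows, the function names `findUnsafe` and `findSafe`, and the input strings are constructed for illustration; the `pdo_sqlite` extension is assumed.

```php
<?php
// Constructed demo data: an in-memory SQLite table standing in for the real database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, is_public INTEGER)');
$pdo->exec("INSERT INTO articles (title, is_public) VALUES
    ('Welcome', 1), ('Draft: pricing', 0), ('Internal notes', 0)");

// Before: the request value is concatenated into the SELECT, so the database
// parses it as SQL and it can change the WHERE clause (hypothetical helper).
function findUnsafe(PDO $pdo, string $id): array
{
    $sql = "SELECT title FROM articles WHERE is_public = 1 AND id = $id";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// After: check that the value has the expected type, then bind it as a
// parameter so it is only ever treated as data (hypothetical helper).
function findSafe(PDO $pdo, string $id): array
{
    $intId = filter_var($id, FILTER_VALIDATE_INT);
    if ($intId === false) {
        return []; // reject anything that is not a plain integer
    }
    $stmt = $pdo->prepare('SELECT title FROM articles WHERE is_public = 1 AND id = :id');
    $stmt->bindValue(':id', $intId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed stand-ins for $_GET['id'] as it would arrive from a link.
foreach (['1', '1 OR 1=1'] as $input) {
    printf(
        "id=%-10s unsafe=%s safe=%s\n",
        $input,
        json_encode(findUnsafe($pdo, $input)),
        json_encode(findSafe($pdo, $input))
    );
}
```

With the second input the concatenated query also returns the rows marked non-public, because `OR 1=1` becomes part of the WHERE clause; the bound-parameter version returns nothing for it. String values get the same treatment: bind them with `PDO::PARAM_STR` rather than interpolating them.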
This topic is now archived and is closed to further replies.