manix Posted October 23, 2011

Do I need to escape variables passed via link? Is it possible that someone does an SQL Injection via unescaped $_GET variable? (Yes, I am using it in an SQL query, not inserting it into a DB though)
awjudd Posted October 23, 2011

Yes you do. Anything from the user should be sanitized.

~juddster
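The case asked about above (a $_GET value used only in a SELECT), shown as an added example that is not part of the original thread: the concatenated query next to a parameterized one. The `articles` table, the function names `findUnsafe` and `findSafe`, and the sample inputs are constructed for illustration, and the code assumes the PDO SQLite driver is available.

```php
<?php
// Added example: constructed in-memory table and constructed input values.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, published INTEGER)');
$pdo->exec("INSERT INTO articles (title, published)
            VALUES ('Public post', 1), ('Draft', 0), ('Internal note', 0)");

// Before: the link value is concatenated into a read-only SELECT.
// Nothing is written to the database, yet the value can still change
// which rows the WHERE clause matches.
function findUnsafe(PDO $pdo, string $id): array
{
    $sql = "SELECT title FROM articles WHERE published = 1 AND id = $id";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// After: the value is validated as an integer and bound as a parameter,
// so the database only ever treats it as data, never as SQL text.
function findSafe(PDO $pdo, string $id): array
{
    if (filter_var($id, FILTER_VALIDATE_INT) === false) {
        return []; // not a plain integer: reject before touching the database
    }
    $stmt = $pdo->prepare(
        'SELECT title FROM articles WHERE published = 1 AND id = :id'
    );
    $stmt->bindValue(':id', (int) $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed stand-ins for $_GET['id'] as it would arrive from a link.
$samples = ['1', '1 OR 1=1'];
foreach ($samples as $id) {
    printf(
        "id=%-12s unsafe=%s safe=%s\n",
        var_export($id, true),
        json_encode(findUnsafe($pdo, $id)),
        json_encode(findSafe($pdo, $id))
    );
}
```

With the second sample, the concatenated query returns the unpublished rows as well, while the parameterized version returns nothing.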