bugzy Posted July 21, 2012 Share Posted July 21, 2012 Newbie question.. Right now I only have mysql_real_escape_string to my update and delete statements I wonder if select statement is still prone to a sql attack? For example like this.. Select * from table_sample It isn't part of the form. How would I able to secure it? Quote Link to comment Share on other sites More sharing options...
fenway Posted July 21, 2012 Share Posted July 21, 2012 Any query that doesn't accept user input isn't prone to sql injection attacks -- there's nothing to inject. Quote Link to comment Share on other sites More sharing options...
bugzy Posted July 21, 2012 Author Share Posted July 21, 2012 Thanks fenway.. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.