PHP SQL injection. Is this safe? [duplicate]
This question already has an answer here:
Should I escape an expected integer value using mysql_real_escape_string or can I just use (int)$expectedinteger (2 answers)
Is this 100% safe code to prevent sql injection?
<?php
$id = $_GET['id'];
if (is_numeric($id))
{
    $data = mysqli_query($link, "select name from users where id=$id");
}
?>
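An added example, not part of the original question: `is_numeric()` also accepts non-integer forms such as `1.5` and `1e3`, so a stricter pattern is to validate the id as an integer and bind it as a typed parameter. The helper names `parse_user_id()` and `find_user_name()` are hypothetical, and `$link` is assumed to be an open mysqli connection as in the question.

```php
<?php
// Added example, not the asker's code. parse_user_id() and find_user_name()
// are hypothetical helper names; the users table is the one in the question.

// Accept only a positive decimal integer and return it as an int, else null.
function parse_user_id($raw): ?int
{
    if (!is_string($raw)) {          // a request such as ?id[]=1 arrives as an array
        return null;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Bind the value as a typed parameter; it is never part of the SQL text.
function find_user_name(mysqli $link, int $id): ?string
{
    $stmt = mysqli_prepare($link, 'select name from users where id = ?');
    if ($stmt === false) {
        return null;
    }
    mysqli_stmt_bind_param($stmt, 'i', $id);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $name);
    $found = mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);
    return $found === true ? $name : null;
}

// Constructed sample inputs: compare the question's check with the stricter one.
$samples = ['42', '-1', '1.5', '1e3', '.5', '1 or 1=1', ['1']];
foreach ($samples as $raw) {
    printf(
        "%-12s is_numeric=%-5s parse_user_id=%s\n",
        json_encode($raw),
        var_export(is_numeric($raw), true),
        var_export(parse_user_id($raw), true)
    );
}

// Usage with a real connection (assumed to exist as $link):
// $id   = parse_user_id($_GET['id'] ?? null);
// $name = $id === null ? null : find_user_name($link, $id);
```

The comparison loop runs without a database; only `find_user_name()` needs the connection.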