PHP For Beginners, Ep 20 - SQL Injection Vulnerabilities Explained

Comments

Still can't imagine why you have a low number of subscribers, you deserve more

genephillip

Thank you Jeff! 🙌🏾 You are such a great instructor, man.

sibow

Thank you Jeff! You are the best instructor on earth! 🌎

SleepyChoco

Hey, I really enjoyed this as a PHP beginner. Massive respect for the instructor, Jeff!

ahmedi_zakid

Very detailed explanation! I mean, I know we need to always secure and everything, but I also need to know why and how the logic works. Thank you!

umiamira

Please create a series on PHP design patterns

wcprogramming

Just wondering about injecting DROP and other potentially dangerous commands. If we create a new user for the public to use without privileges to do those things, would those injections still pose a security threat?

longrolstral

Hi. I couldn't understand why it worked. Can you please clarify, as we are still passing the same $id value in the execute()?

techietoons

Never inline user data into query strings 👍

khalidelgazzar
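
Added example, not code from the video or from any commenter: the same constructed input sent once inlined into the SQL text and once as a bound parameter through `prepare()`/`execute()`. It assumes the `pdo_sqlite` extension and an in-memory database so it runs without a server; the `posts` table, the function names and the input value are made up for illustration.

```php
<?php
// Constructed demo data: an in-memory SQLite table with three rows.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT)');
$pdo->exec("INSERT INTO posts (title) VALUES ('First'), ('Second'), ('Third')");

// Constructed input standing in for $_GET['id'].
$id = '1 OR 1=1';

// Before: the value becomes part of the SQL text, so the database parses
// "OR 1=1" as a second condition in the WHERE clause.
function findInlined(PDO $pdo, string $id): array
{
    $sql = "SELECT * FROM posts WHERE id = {$id}";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// After: the SQL text is fixed when prepare() runs and contains only a
// placeholder. execute() hands the value over separately, as data, so
// whatever it contains is compared against id and never parsed as SQL.
function findBound(PDO $pdo, string $id): array
{
    $stmt = $pdo->prepare('SELECT * FROM posts WHERE id = ?');
    $stmt->execute([$id]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

printf("inlined: %d row(s)\n", count(findInlined($pdo, $id)));
printf("bound:   %d row(s)\n", count(findBound($pdo, $id)));
```

The value passed to `execute()` is the same string in both cases; what differs is that the prepared statement's SQL was already parsed before the value arrived.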

How about $id = intval($_GET['id']); and then inlining it into the query? It looks safe to me, doesn't it?

razvbir

Uncaught PDOException: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?' at line 1 in Stack trace: #0 PDOStatement->execute() #1 Database->query('select * from p...') #2 {main} thrown in on line 14
I can't figure it out

muratbadem

I did everything the same but I'm getting this error if I use the ? or :id method. What to do? Can anybody help?


Fatal error: Uncaught PDOException: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ':id' at line 1 in Stack trace: #0 PDOStatement->execute() #1 Database->query(Object(PDOStatement), Array) #2 {main} thrown in on line 17

hassanrezve