SHOW:
|
|
- or go back to the newest paste.
| 1 | - | // This is functionally equivalent... |
| 1 | + | <? |
| 2 | - | $query = $pdo->query("SELECT foo FROM bar WHERE id = {$_GET['id']}");
|
| 2 | + | |
| 3 | - | $results = $query->fetchAll(); |
| 3 | + | $version = "Derogatory Diamondback"; |
| 4 | ||
| 5 | - | // To this |
| 5 | + | // Exploiting Egg-Eater |
| 6 | - | $query = $pdo->prepare("SELECT foo FROM bar WHERE id = :id");
|
| 6 | + | // Festing Fer-de-Lance / Flacid Ferret |
| 7 | - | $query->bindValue(':id', $_GET['id'], PDO::PARAM_INT);
|
| 7 | + | // Guileful Glopher |
| 8 | - | $query->execute(); |
| 8 | + | // Heartbreaking Hognose |
| 9 | - | $results = $query->fetchAll(); |
| 9 | + | // Inconsiderate Indigo |
| 10 | // Kicking Keelback | |
| 11 | - | // except the first one is not protected against sql injections at all |
| 11 | + | // Lancehead |
| 12 | // Mysterious Mamba | |
| 13 | ||
| 14 | ?> |
