Easy
Question: Identify which code snippet has an SQL injection vulnerability:
Code A:
<?php
$pdo = new PDO('mysql:host=localhost;dbname=my_database', 'user', 'password');
$id = $_GET['id'];
$sql = "SELECT * FROM users WHERE id = " . $id;
$result = $pdo->query($sql);
?>
Code B:
<?php
$pdo = new PDO('mysql:host=localhost;dbname=my_database', 'user', 'password');
$id = $_GET['id'];
$sql = "SELECT * FROM users WHERE id = :id";
$stmt = $pdo->prepare($sql);
$stmt->bindParam(':id', $id, PDO::PARAM_INT);
$stmt->execute();
?>
Author: Lucas JAHIERStatus: PublishedQuestion passed 77 times
Edit
2
Community EvaluationsNo one has reviewed this question yet, be the first!
3
How to improve the security of your infrastructure?3
How to securely store secrets in a microservice architecture?4
What is the name of the discipline that aims to build a system that can withstand unpredictable changes?4
What is the Zero Trust security model?2
What are the main objectives of a Security Information and Event Management (SIEM) system?3
What is DevSecOps?3
List the top 10 most common web security vulnerabilities.