Easy
Question: Identify which code snippet has an SQL injection vulnerability:
Code A:
<?php
$pdo = new PDO('mysql:host=localhost;dbname=my_database', 'user', 'password');
$id = $_GET['id'];
$sql = "SELECT * FROM users WHERE id = " . $id;
$result = $pdo->query($sql);
?>
Code B:
<?php
$pdo = new PDO('mysql:host=localhost;dbname=my_database', 'user', 'password');
$id = $_GET['id'];
$sql = "SELECT * FROM users WHERE id = :id";
$stmt = $pdo->prepare($sql);
$stmt->bindParam(':id', $id, PDO::PARAM_INT);
$stmt->execute();
?>
Author: Lucas JAHIER
Status: Published
Question passed 189 times