Displaying subcategories of subcategories
Problem
I wanted to know if this code is safe against SQL injection or not?
Also do I need to mysqli_close if I already did the mysqli_stmt_close? Other suggestions are always welcome.

    if ($stmt = mysqli_prepare($connect, "SELECT subcategories.subcat_name, subsubcategories.subsubcat_name, subcategories.subcat_ID FROM subcategories INNER JOIN subsubcategories ON subcategories.subcat_ID=subsubcategories.subcat_ID WHERE subcategories.cat_ID = ? OR subcategories.extra_cat_ID = ? ORDER BY subcategories.subcat_name, subsubcategories.subsubcat_name ASC")){
        mysqli_stmt_bind_param($stmt, "ii", $cat_ID, $cat_ID);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_bind_result($stmt, $subcat_name, $subsubcat_name, $subcat_ID);
        $lastcat = 0;
        while (mysqli_stmt_fetch($stmt)){
            if($lastcat != $subcat_ID){
                $lastcat = $subcat_ID;
                echo "";
                echo $subcat_name;
                echo "";
                echo "";
            }
            echo $subsubcat_name;
            echo "";
        }
    }
    mysqli_stmt_close($stmt);
    mysqli_close($connect);

Solution
SQL Injection
Yes, your code is safe against SQL Injection. Make sure to use prepared statements when fetching things from the database as well, even in internal application services without user input.
Others
Well, I'm guessing this is a subset of the code in Displaying categories and subcategories in php having different tables, so my review there still stands.
Context
StackExchange Code Review Q#54050, answer score: 2
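
The answer's advice to use prepared statements even where there is no user input, shown as an added example that is not part of the original question or answer: a value read back from the database is concatenated into a second query, next to the bound form. It assumes PHP with the PDO SQLite driver, using an in-memory SQLite database in place of the page's MySQL/mysqli connection so it runs without a server; the table and column names follow the question, while the rows and the functions countConcatenated and countBound are constructed for illustration.

```php
<?php
// Added example: in-memory SQLite through PDO stands in for the page's
// MySQL/mysqli connection (assumption). All rows below are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE subcategories (subcat_ID INTEGER PRIMARY KEY, cat_ID INTEGER, subcat_name TEXT)");
$pdo->exec("CREATE TABLE subsubcategories (subsubcat_ID INTEGER PRIMARY KEY, subcat_ID INTEGER, subsubcat_name TEXT)");

// The names are stored through bound INSERTs, so saving them is safe.
$ins = $pdo->prepare("INSERT INTO subcategories (subcat_ID, cat_ID, subcat_name) VALUES (?, ?, ?)");
$ins->execute([1, 1, "Laptops"]);
$ins->execute([2, 1, "x' OR '1'='1"]);   // constructed name containing SQL syntax
$ins = $pdo->prepare("INSERT INTO subsubcategories (subcat_ID, subsubcat_name) VALUES (?, ?)");
foreach ([[1, "Ultrabooks"], [1, "Gaming"], [2, "Misc"]] as $row) {
    $ins->execute($row);
}

$base = "SELECT COUNT(*) FROM subcategories s
         INNER JOIN subsubcategories ss ON s.subcat_ID = ss.subcat_ID
         WHERE s.subcat_name = ";

// Weak form: an internal job trusts a value because it came from the database.
function countConcatenated(PDO $pdo, string $base, string $name): int {
    return (int) $pdo->query($base . "'" . $name . "'")->fetchColumn();
}

// Hardened form: the value is bound, so it is only ever compared as a string.
function countBound(PDO $pdo, string $base, string $name): int {
    $stmt = $pdo->prepare($base . "?");
    $stmt->execute([$name]);
    return (int) $stmt->fetchColumn();
}

// No user input at this point: the names are read back from the table itself.
$names = $pdo->query("SELECT subcat_name FROM subcategories ORDER BY subcat_ID")
             ->fetchAll(PDO::FETCH_COLUMN);
foreach ($names as $name) {
    printf("%-14s concatenated=%d bound=%d\n", $name,
        countConcatenated($pdo, $base, $name), countBound($pdo, $base, $name));
}
```

For the second stored name the two counts differ, because the concatenated query parses the stored quote characters as SQL while the bound query treats the whole name as data.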