
Displaying subcategories of subcategories


Problem

I wanted to know if this code is safe against SQL injection or not?
Also do I need to mysqli_close if I already did the mysqli_stmt_close? Other suggestions are always welcome.

if ($stmt = mysqli_prepare($connect, "SELECT subcategories.subcat_name, subsubcategories.subsubcat_name, subcategories.subcat_ID FROM subcategories INNER JOIN subsubcategories ON subcategories.subcat_ID=subsubcategories.subcat_ID WHERE subcategories.cat_ID = ? OR subcategories.extra_cat_ID = ? ORDER BY subcategories.subcat_name, subsubcategories.subsubcat_name ASC")) {
    // $cat_ID is bound as an integer parameter for both placeholders, never spliced into the SQL text
    mysqli_stmt_bind_param($stmt, "ii", $cat_ID, $cat_ID);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $subcat_name, $subsubcat_name, $subcat_ID);
    $lastcat = 0;
    while (mysqli_stmt_fetch($stmt)) {
        if ($lastcat != $subcat_ID) {   // first row of a new subcategory
            $lastcat = $subcat_ID;
            echo "";
            echo $subcat_name;
            echo "";
            echo "";
        }
        echo $subsubcat_name;
        echo "";
    }
}
mysqli_stmt_close($stmt);
mysqli_close($connect);

Solution

SQL Injection

Yes, your code is safe against SQL Injection. Make sure to use prepared statements when fetching things from the database as well, even in internal application services without user input.

Others

Well, I'm guessing this is a subset of the code in Displaying categories and subcategories in php having different tables, so my review there still stands.

Context

StackExchange Code Review Q#54050, answer score: 2
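Added example, not the poster's code and not part of the answer above: the same query with driver error reporting enabled, HTML-escaped output, a properly closed nested list, and the two cleanup calls kept separate. It assumes $connect and $cat_ID already exist as in the question; the table and column names are the question's.

```php
<?php
// Added example (not the original poster's code). $connect and $cat_ID are
// assumed to exist, as in the question.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw instead of returning false

function print_subcategories(mysqli $connect, int $cat_ID): void
{
    $sql = "SELECT subcategories.subcat_name, subsubcategories.subsubcat_name, subcategories.subcat_ID "
         . "FROM subcategories "
         . "INNER JOIN subsubcategories ON subcategories.subcat_ID = subsubcategories.subcat_ID "
         . "WHERE subcategories.cat_ID = ? OR subcategories.extra_cat_ID = ? "
         . "ORDER BY subcategories.subcat_name, subsubcategories.subsubcat_name ASC";

    $stmt = mysqli_prepare($connect, $sql);
    try {
        // Placeholders keep $cat_ID as data; it can never change the SQL text.
        mysqli_stmt_bind_param($stmt, "ii", $cat_ID, $cat_ID);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_bind_result($stmt, $subcat_name, $subsubcat_name, $subcat_ID);

        $lastcat = 0;
        echo "<ul>\n";
        while (mysqli_stmt_fetch($stmt)) {
            if ($lastcat != $subcat_ID) {
                if ($lastcat != 0) {
                    echo "</ul></li>\n"; // close the previous subcategory's list
                }
                $lastcat = $subcat_ID;
                // Values coming back from the database are escaped before they reach HTML
                echo "<li>" . htmlspecialchars($subcat_name, ENT_QUOTES, 'UTF-8') . "<ul>\n";
            }
            echo "<li>" . htmlspecialchars($subsubcat_name, ENT_QUOTES, 'UTF-8') . "</li>\n";
        }
        if ($lastcat != 0) {
            echo "</ul></li>\n";
        }
        echo "</ul>\n";
    } finally {
        mysqli_stmt_close($stmt); // frees the statement only, not the connection
    }
}

print_subcategories($connect, $cat_ID);
mysqli_close($connect); // the connection is a separate resource and is closed separately
```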
