Thread: Is a SELECT query that uses WHERE id > 0 not safe ?

  1. #1

    Thread Starter
    New Member
    Join Date
    May 2015
    Posts
    8

    Is a SELECT query that uses WHERE id > 0 not safe ?

    Hi,

    I had this problem with a PHP error, the cliche "No INDEX is used", and many posts say to just ignore it using MYSQLI_REPORT_OFF.

    I tried that, but that didn't work. A post on devshed explained the index and I used WHERE id > 0, and this worked. However, I have to use parameterized binding as this is somehow not safe.

    Is that true?

  2. #2
    Super Moderator FunkyDexter's Avatar
    Join Date
    Apr 2005
    Location
    An obscure body in the SK system. The inhabitants call it Earth
    Posts
    7,900

    Re: Is a SELECT query that uses WHERE id > 0 not safe ?

    It's hard to tell from the wording of your question, but I'm guessing you've used string concatenation to build your query. If so, the answer is no, it's not safe and it's open to SQL injection attacks. Using parameterized queries protects you from this.
    The best argument against democracy is a five minute conversation with the average voter - Winston Churchill

    Hadoop actually sounds more like the way they greet each other in Yorkshire - Inferrd
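
Added example (not part of the original thread and not the poster's code): the difference the answer above describes, shown with Python's sqlite3 as a self-contained stand-in for the PHP/mysqli setup in the question. The `items` table, its rows, the `owner` column and the function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory table of constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT, owner TEXT)")
    db.executemany(
        "INSERT INTO items (id, name, owner) VALUES (?, ?, ?)",
        [(1, "alpha", "alice"), (2, "beta", "bob"), (3, "gamma", "alice")],
    )
    return db

def names_concatenated(db, owner, min_id):
    """Unsafe: request values are pasted into the SQL text itself,
    so they are parsed as SQL rather than treated as data."""
    sql = ("SELECT name FROM items WHERE owner = '" + owner +
           "' AND id > " + str(min_id) + " ORDER BY id")
    return [row[0] for row in db.execute(sql)]

def names_parameterized(db, owner, min_id):
    """Safe: the SQL text is fixed; values are sent as bound parameters."""
    min_id = int(min_id)  # raises ValueError for anything that is not an integer
    sql = "SELECT name FROM items WHERE owner = ? AND id > ? ORDER BY id"
    return [row[0] for row in db.execute(sql, (owner, min_id))]

if __name__ == "__main__":
    db = make_db()
    # Ordinary input: both versions return only bob's rows.
    print(names_concatenated(db, "bob", "0"))          # ['beta']
    print(names_parameterized(db, "bob", "0"))         # ['beta']
    # Constructed hostile value: in the concatenated query it becomes part
    # of the WHERE clause and the owner filter no longer applies.
    print(names_concatenated(db, "bob", "0 OR 1=1"))   # ['alpha', 'beta', 'gamma']
    try:
        names_parameterized(db, "bob", "0 OR 1=1")
    except ValueError as exc:
        print("rejected:", exc)
    # A legitimate value containing a quote breaks the concatenated query
    # with a syntax error, while the bound version just finds no match.
    try:
        names_concatenated(db, "o'brien", "0")
    except sqlite3.OperationalError as exc:
        print("query broke:", exc)
    print(names_parameterized(db, "o'brien", "0"))     # []
```

A literal `WHERE id > 0` written directly in the query text involves no outside input; the risk the answer points to arises only when a value from the request is concatenated into the string.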
