0

(php) select all data from a table and making it safe against sql injection

I want to select all data from a table with a sql query like : 'SELECT * FROM tablename', but won't this make the db exposed to a sql injection? I mean I could make a prepared statement, so for example: 'SELECT * FROM tablename WHERE name = :name', and then use bindParam, but doing like so i would call only a row from the table, and i want to call all the rows. am i missing something?

sqlphp
14th Jul 2020, 8:03 AM
Francesco Paolini
Francesco Paolini - avatar
1 Respuesta
+ 4
as far as i know sqlinjection only ultilize user input. so if there's no user input in your query, you dont need to use preparedStatement.
14th Jul 2020, 8:06 AM
Taste
Taste - avatar

¿Tienes a menudo preguntas como esta?

Aprende gratis de forma más eficaz

Ver todos los cursos
En tendencia hoy
How to get better with problem-solving and programming
2 Votes
Ejercicio Pytho
0 Votes
What's wrong with this code ? ( Beginner)
2 Votes
What is that z for
0 Votes
Bug on "Java for Beginners Module 3 Quiz"
1 Votes
Suggestions needed
4 Votes
Write a program to find the strings are in isogram or not
0 Votes
Please rate my code from 1 to 10
2 Votes
How to start
0 Votes
Is there any new bug in the projects reply sections?
0 Votes