0

(php) select all data from a table and making it safe against sql injection

I want to select all data from a table with a sql query like : 'SELECT * FROM tablename', but won't this make the db exposed to a sql injection? I mean I could make a prepared statement, so for example: 'SELECT * FROM tablename WHERE name = :name', and then use bindParam, but doing like so i would call only a row from the table, and i want to call all the rows. am i missing something?

14th Jul 2020, 8:03 AM
Francesco Paolini
Francesco Paolini - avatar
1 Odpowiedź
+ 4
as far as i know sqlinjection only ultilize user input. so if there's no user input in your query, you dont need to use preparedStatement.
14th Jul 2020, 8:06 AM
Taste
Taste - avatar