0
(php) select all data from a table and making it safe against sql injection
I want to select all data from a table with a sql query like : 'SELECT * FROM tablename', but won't this make the db exposed to a sql injection? I mean I could make a prepared statement, so for example: 'SELECT * FROM tablename WHERE name = :name', and then use bindParam, but doing like so i would call only a row from the table, and i want to call all the rows. am i missing something?
1 ответ
+ 4
as far as i know sqlinjection only ultilize user input. so if there's no user input in your query, you dont need to use preparedStatement.