Optimizing For Happiness

defect

A collection of 1 post
automated testing

Eliminating a Class of Defects

Imagine the following line of PHP code: $db->GetRow("SELECT * FROM users WHERE id = $user_id"); This line is vulnerable to SQL injection if an attacker controls the $user_id variable. This is the safe version (using a parameterized query): $db->GetRow("SELECT * FROM users WHERE id = ?", array($user_id)); Options You
Oct 4, 2016 3 min read
Optimizing For Happiness © 2023