$_GET and security (1 post)

  1. lerizzle
    Posted 4 years ago #

    I'm querying the database based on a $_GET variable. What should I do with that variable before my query? Is this sufficient?

    $myVar = get_var("SELECT table_term_taxonomy.term_taxonomy_id FROM table_term_taxonomy INNER JOIN table_terms ON (table_term_taxonomy.term_id = table_terms.term_id) WHERE 1=1 AND ( table_terms.slug = '$_GET[location]' ) LIMIT 0, 1"));

    or should I do something else?

Topic Closed

This topic has been closed to new replies.

About this Topic