I’m querying the database based on a $_GET variable. What should I do with that variable before my query? Is this sufficient?
$myVar = get_var("SELECT table_term_taxonomy.term_taxonomy_id FROM table_term_taxonomy INNER JOIN table_terms ON (table_term_taxonomy.term_id = table_terms.term_id) WHERE 1=1 AND ( table_terms.slug = '$_GET[location]' ) LIMIT 0, 1");
or should I do something else?
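
An added example, not part of the original post: the same lookup with the request value validated and then bound as a parameter instead of interpolated into the SQL string. It assumes PDO with an in-memory SQLite database standing in for the poster's database; the helper name `find_term_taxonomy_id`, the sample rows and the slug pattern are assumptions.

```php
<?php
// Constructed schema and rows, reusing the table names from the question.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE table_terms (term_id INTEGER PRIMARY KEY, slug TEXT)');
$pdo->exec('CREATE TABLE table_term_taxonomy (term_taxonomy_id INTEGER PRIMARY KEY, term_id INTEGER)');
$pdo->exec("INSERT INTO table_terms VALUES (1, 'london'), (2, 'paris')");
$pdo->exec('INSERT INTO table_term_taxonomy VALUES (10, 1), (20, 2)');

/**
 * Hypothetical helper: returns the term_taxonomy_id for a slug, or null
 * when the input is invalid or no row matches.
 */
function find_term_taxonomy_id(PDO $pdo, $location): ?int
{
    // Request parameters can be missing or arrays (?location[]=x): reject non-strings.
    if (!is_string($location)) {
        return null;
    }
    // Allow-list check. Assumed slug format: lowercase letters, digits, hyphens.
    if (!preg_match('/\A[a-z0-9-]{1,200}\z/', $location)) {
        return null;
    }
    // The value travels as a bound parameter, so it is never parsed as SQL,
    // even if the validation above is later loosened.
    $stmt = $pdo->prepare(
        'SELECT tt.term_taxonomy_id
           FROM table_term_taxonomy AS tt
          INNER JOIN table_terms AS t ON tt.term_id = t.term_id
          WHERE t.slug = :slug
          LIMIT 1'
    );
    $stmt->execute([':slug' => $location]);
    $id = $stmt->fetchColumn();
    return $id === false ? null : (int) $id;
}

// Constructed inputs standing in for $_GET['location']: a valid slug,
// an unknown slug, a value containing a quote character, and an array.
$samples = ['paris', 'no-such-place', "o'brien", ['paris']];
foreach ($samples as $input) {
    var_dump(find_term_taxonomy_id($pdo, $input));
}
```

If `get_var` in the question is WordPress's `$wpdb->get_var()` (an assumption, the post does not say), the counterpart of the bound parameter is `$wpdb->prepare()` with a `%s` placeholder for the slug.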