I have a user form that is sent to an external website and the response from that website contains a unique code (like "a87ju89y"). That code is important to me and so, using prepared statements I input it into my database.
On the back end I have a cronjob that runs a php script every minute that queries the database to see if there are new codes like this:
$con = mysqli_connect($servername, $username, $password, $database);
if (mysqli_connect_errno()){
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$results = mysqli_query($con, "SELECT user FROM stack ORDER BY ID");
$cronresults = mysqli_query($con, "SELECT run FROM kook ORDER BY ID");
$row = mysqli_fetch_assoc($results);
$cron = mysqli_fetch_assoc($cronresults);
$row2 = $row['user'];
$cron2 = $cron['kook'];
My question is that would I need a prepared statement to simply pull information and prevent some sort of SQL injection? and if I do how would I go about it?