I need some opinions about my PHP coding. I'm especially curious if this is safe against SQL injections. Apparently it seems to be, but I might be wrong.
And what do you think of this "style" of coding, as in, is it acceptable or really bad practice?

$validinputs = array(1,9,21,'a','b');
if(in_array($_GET['search'], $validinputs))
{
    $queryfilter = " = " . $_GET['search'];
}
else
{
    $queryfilter = "IS NOT NULL";
}
(...)
$query = "SELECT * FROM `table` WHERE `field` {$queryfilter}";

Thanks!
EDIT: In this case I compare with $validinputs because these are the only valid search terms for that field, any other search term would return nothing.
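
An added example, not part of the original post: the same filter with a strict allow-list check and a bound parameter instead of concatenating `$_GET['search']` into the SQL, with the loose `in_array()` result printed beside it for comparison. The helper names `buildFilter` and `search`, the in-memory SQLite database reached through PDO, and its rows are assumptions constructed for the demonstration.

```php
<?php
// Added example; not the poster's code. Schema and rows below are constructed.

// $_GET values arrive as strings (or arrays), so the allow-list holds strings.
const VALID_INPUTS = ['1', '9', '21', 'a', 'b'];

// Returns [WHERE fragment, parameters to bind]. Hypothetical helper.
function buildFilter($raw): array
{
    // Strict mode (third argument) compares type and value, so only exact
    // members pass; is_string() rejects array input such as ?search[]=x.
    if (is_string($raw) && in_array($raw, VALID_INPUTS, true)) {
        return ['= ?', [$raw]];   // value travels as a bound parameter
    }
    return ['IS NOT NULL', []];   // same fallback as the original code
}

// Hypothetical helper: only fixed text from buildFilter() reaches the SQL.
function search(PDO $db, $raw): array
{
    [$filter, $params] = buildFilter($raw);
    $stmt = $db->prepare("SELECT `field` FROM `table` WHERE `field` {$filter}");
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = new PDO('sqlite::memory:');  // assumption: pdo_sqlite is available
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE `table` (`field` TEXT)');
$db->exec("INSERT INTO `table` VALUES ('1'), ('9'), ('a'), ('zz')");

// Constructed inputs: two members, one near-miss, one array.
foreach (['1', 'a', '1 trailing text', ['x']] as $input) {
    // The original check: loose comparison against a mixed int/string list.
    // On PHP 7, '1 trailing text' == 1 is true; on PHP 8 it is false.
    $loose = in_array($input, [1, 9, 21, 'a', 'b']);
    printf(
        "%-20s loose=%-5s rows=%s\n",
        json_encode($input),
        var_export($loose, true),
        json_encode(search($db, $input))
    );
}
```

Binding the value also handles the `'a'` and `'b'` terms, which the concatenated query would place in the SQL without quotes.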