Does coding this way pose any security risks?
$test = $_GET['test'];
if($test) {
    $sql = mysql_query("SELECT * FROM tbl WHERE col2 = 'ABC'");
    $row ...
}
No, the code above does not have any security hole since you are not using the GET variable in any MySQL query.
Look here for other security concerns
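
The distinction the answer draws, as an added example that is not part of the original question or answer: the same input used only as a branch condition, concatenated into the SQL text, and bound as a parameter. It assumes PDO with an in-memory SQLite database (the `pdo_sqlite` extension) in place of the `mysql_*` functions; the `col1` column, the table rows, the function names and the sample input are constructed for illustration.

```php
<?php
// Added example. Assumption: pdo_sqlite is enabled; data below is constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE tbl (col1 INTEGER, col2 TEXT)");
$pdo->exec("INSERT INTO tbl VALUES (1, 'ABC'), (2, 'XYZ'), (3, 'DEF')");

// Constructed stand-in for $_GET['test']: a value containing a quote character.
$test = "ABC' OR '1'='1";

// 1. Pattern from the question: the input only decides whether the branch
//    runs. The SQL text is a constant, so the input never reaches the parser.
function constantQuery(PDO $pdo, string $test): array
{
    if (!$test) {
        return [];
    }
    return $pdo->query("SELECT * FROM tbl WHERE col2 = 'ABC'")
               ->fetchAll(PDO::FETCH_ASSOC);
}

// 2. Risky variant: the input is concatenated into the SQL text. A quote in
//    the input closes the string literal, so the WHERE clause that executes
//    is no longer the one the developer wrote.
function interpolatedQuery(PDO $pdo, string $test): array
{
    return $pdo->query("SELECT * FROM tbl WHERE col2 = '$test'")
               ->fetchAll(PDO::FETCH_ASSOC);
}

// 3. Hardened variant: the input is bound as a parameter and is compared
//    to col2 as a plain string, whatever characters it contains.
function preparedQuery(PDO $pdo, string $test): array
{
    $stmt = $pdo->prepare("SELECT * FROM tbl WHERE col2 = ?");
    $stmt->execute([$test]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Compare how many rows each form returns for the same input.
foreach (['constantQuery', 'interpolatedQuery', 'preparedQuery'] as $fn) {
    printf("%-18s %d row(s)\n", $fn, count($fn($pdo, $test)));
}
```

A row count from the interpolated form that differs from the prepared form for the same input is the sign that the input is being parsed as SQL rather than compared as data.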