I have a small MySQL database with a few hundred rows (all in text, no images). I am requesting all the rows using iQuery and do all filtering at client end. iQuery code is the following:
$(document).ready( function () {
$.get("alldata.php", function(data){
$('#result').text(data);
});
});
On the server side, the "alldata.php" has the following code and pass the data in JSON back to iQuery:
$sql = "SELECT title FROM mydatabase";
$result = mysqli_query($conn, $sql);
$arr = array();
while($row = mysqli_fetch_assoc($result)){
$row_array['Title'] =$row['title'];
array_push($arr,$row_array);
}
mysqli_close($conn);
echo json_encode($arr);
It seems to me there will not be any risk of injection since there is NO user input submitted to the database. Am I right or wrong? Thanks a lot for your input!