PDO Doubt SQL Injection

Asked

Viewed 24 times

0

I am venturing a little with PDO, still at the beginning, and I have a question regarding a query with SQL Injection, follows it:

$insert = "INSERT INTO tabela (campo1, campo2, campo3) VALUES (:valor1, 
:valor2, :valor3)";

$db = new db();
$db = $db->connect();
$stat1 = $db->prepare($insert);
$stat1->execute([
  ":campo1" => $valor1,
  ":campo2" => $valor2,
  ":campo3" => $valor3
});

Would that be right? It’s running smoothly, but it’s safe?

Thank you very much, guys!

php pdo sql-injection

1 answer

0

It’s safe, as long as you don’t concatenate parameters with your query($Insert in case) it’s all safe

Browser other questions tagged php pdo sql-injection

You are not signed in. Login or sign up in order to post.