How can I make this query sql injection safe please? Will JRequest::getVar ensure that

Question

0

Asked: June 9, 20262026-06-09T23:29:52+00:00 2026-06-09T23:29:52+00:00

How can I make this query sql injection safe please? Will JRequest::getVar ensure that

0

How can I make this query sql injection safe please?
Will JRequest::getVar ensure that the parameter that is passed is sql injection safe?

$product_id = JRequest::getVar('product_id')
$db = JFactory::getDBO();
$query = " select * from #__products where product_id=".$product_id."; ";       
$db->setQuery($query);
$data = $db->loadObjectList();
return $data[0];

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-09T23:29:53+00:00

Editorial Team

2026-06-09T23:29:53+00:00Added an answer on June 9, 2026 at 11:29 pm

Yes, using getVar function to access request variables, will ensure that all user data is filtered before it’s used somewhere else (such as in SQL queries).
getVar method on the JRequest class automatically filters out the input (unless explicitly told otherwise).

You can also use quote to escape strings before inserting to database

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

How can I make this query sql injection safe please? Will JRequest::getVar ensure that

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply