I have a php file at my site, and I connect to db, get

Question

0

Asked: May 14, 20262026-05-14T06:27:44+00:00 2026-05-14T06:27:44+00:00

I have a php file at my site, and I connect to db, get

0

I have a php file at my site, and I connect to db, get some records and list them in same file.

mysql_connect("localhost", "blabla", "blabla") or die(mysql_error());
mysql_select_db("blabla") or die(mysql_error());

$blabla1 = mysql_query("SELECT * FROM gallery WHERE id_cat=1");
$blabla2 = mysql_query("SELECT * FROM gallery WHERE id_cat=2");
$blabla3 = mysql_query("SELECT * FROM gallery WHERE id_cat=3");

So, is there anything I need to do for security? Like sql-injection or anything else. there is nothing going to url. It is just www.blabla.com/gallery.php.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-14T06:27:44+00:00

This snippet is perfectly safe, because there are no variables put into the query string.

To work safely in case you have to deal with variables one day – be they directly coming in from the user, or from another data source – you may want to switch over to a mySQL library that supports parametrized queries, like PDO. Those eliminate the danger of injections completely, because they take care of escaping the incoming data automatically.

If you stick with the mysql_* functions, make sure you escape ~~all incoming~~ any data using mysql_real_escape_string() and ensure they are inserted within a pair of single quotes.

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I have a php file at my site, and I connect to db, get

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply