Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Pretty simple really,
If I pull an array from a database and then use a value from that array, say an auto increment field, do I have to use a prepared statement on that query or will I be safe using a normal sql query as the value cannot change of the variable and I know it will not be a sql injection attack. Same goes for is the variable is set in a session?
You should be safe, if you know that the database is from the trusted source. And that in 99% is.
If you are connecting to foreign (not own) database, which might have some dangerous text in it, only in that case, yes, you must escape the input, otherwise no.