safe to add mysql query in body?

Post by wurdup

Is it safe to put the SQL command in the body? The code is in an include file.

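Code:

<body>

<?php
// Select the products that are flagged as shown
$sql = "SELECT * FROM products WHERE product_shown='1'";

// Run the query; stop and print the database error if it fails
$productResult = mysql_query($sql) or die(mysql_error());

$p = 0;
while ($row = mysql_fetch_array($productResult, MYSQL_ASSOC)) {
    // (loop body not shown in the post)
}
?>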


Post by Christopher

Yes, but if you use any user-supplied values in your SQL, such as from $_GET, $_POST, etc., then you need to validate them and always use the database's escape function.
(#10850)
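
An added example (not code from either poster) of the validate-then-escape advice in the reply above. It uses PDO with an in-memory SQLite database in place of the thread's mysql_* calls so that it runs offline, with PDO::quote acting as the database's escape function; the table contents, the `shown` and `q` parameters and the helper names are constructed for illustration.

```php
<?php
// Added example. Constructed schema and data; an in-memory SQLite database stands
// in for MySQL so the script runs offline (requires the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, product_shown TEXT)");
$db->exec("INSERT INTO products (name, product_shown) VALUES
           ('Kettle', '1'), ('O''Brien mug', '1'), ('Hidden item', '0')");

// Validate: product_shown may only be '0' or '1'. Returns null when invalid.
function validShownFlag($raw): ?string
{
    return in_array($raw, ['0', '1'], true) ? $raw : null;
}

// Validate: a search term must be a string of 1..50 characters. Returns null when invalid.
function validSearchTerm($raw): ?string
{
    if (!is_string($raw)) return null;
    $term = trim($raw);
    $len = strlen($term);
    return ($len >= 1 && $len <= 50) ? $term : null;
}

// Build and run the query. Every user value is validated, then passed through
// the driver's escape function (PDO::quote here) before it reaches the SQL text.
function findProducts(PDO $db, array $input): array
{
    $shown = validShownFlag($input['shown'] ?? null);
    $term  = validSearchTerm($input['q'] ?? null);
    if ($shown === null || $term === null) {
        return ['error' => 'invalid input', 'rows' => []];
    }
    $sql = "SELECT name FROM products WHERE product_shown = " . $db->quote($shown)
         . " AND name LIKE " . $db->quote('%' . $term . '%');
    return ['error' => null, 'rows' => $db->query($sql)->fetchAll(PDO::FETCH_COLUMN)];
}

// Constructed stand-ins for $_GET.
$requests = [
    ['shown' => '1', 'q' => "O'Brien"],        // legitimate value containing a quote
    ['shown' => "1' OR '1'='1", 'q' => 'mug'], // fails validation, never reaches SQL
    ['shown' => '1', 'q' => "x' OR '1'='1"],   // valid length, neutralised by escaping
];
foreach ($requests as $r) {
    $out = findProducts($db, $r);
    echo json_encode($r), ' => ', json_encode($out), PHP_EOL;
}
```

With the mysql extension used in the thread, the escape function corresponding to PDO::quote is mysql_real_escape_string(), which escapes the value but does not add the surrounding quotes.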