Allowing SQL injection

Security is easy to overlook, especially when starting out, and SQL injection is one of the most dangerous mistakes you can make. Say you build a query by concatenating request input into the SQL text, as in the first statement below; the prepared statement that follows is the fix, because the value is sent to the database separately from the query and is never parsed as SQL:

<?php
// Vulnerable: the request value is pasted into the SQL text, so a user_id
// of "1 OR 1=1" turns this into a query that returns every user's name.
$name = $pdo->query("SELECT first_name FROM users WHERE id = " . $input['user_id'] . ";")->fetchColumn();

// Fixed: a prepared statement keeps the value out of the SQL text; it is
// only ever compared against id, whatever characters it contains.
$stmt = $pdo->prepare("SELECT first_name FROM users WHERE id = :user_id");
$stmt->bindParam(':user_id', $input['user_id'], PDO::PARAM_INT);
$stmt->execute();
$name = $stmt->fetchColumn();
?>
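The following is an added example, not code from the original post: it runs the concatenated query and the prepared statement side by side against an in-memory SQLite database, so the difference is observable with nothing but PHP and the pdo_sqlite extension installed. The users table, its three rows and the two attacker payloads are constructed for the demonstration, and the helper names firstNameUnsafe and firstNameSafe are assumptions rather than anything the page defines.

```php
<?php
// Added example (not from the original post). Uses an in-memory SQLite
// database so it runs offline; requires the pdo_sqlite extension.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample schema and data.
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, first_name TEXT NOT NULL)');
$pdo->exec("INSERT INTO users (id, first_name) VALUES (1, 'Alice'), (2, 'Bob'), (3, 'Carol')");

// Vulnerable (hypothetical helper name): the untrusted value becomes part
// of the SQL text, so the database parses whatever the caller supplied.
function firstNameUnsafe(PDO $pdo, string $userId): array
{
    $sql = "SELECT first_name FROM users WHERE id = " . $userId;
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Fixed (hypothetical helper name): the SQL text is fixed at prepare time
// and the value travels separately, so it can only ever be compared to id.
function firstNameSafe(PDO $pdo, string $userId): array
{
    $stmt = $pdo->prepare('SELECT first_name FROM users WHERE id = :user_id');
    $stmt->bindValue(':user_id', $userId);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: one legitimate id and two attacker payloads.
$inputs = [
    '1',                               // what the application expects
    '1 OR 1=1',                        // widens the WHERE clause to every row
    '0 UNION SELECT sqlite_version()', // appends a query of the attacker's choosing
];

foreach ($inputs as $userId) {
    printf("user_id = %s\n", var_export($userId, true));
    printf("  concatenated : %s\n", json_encode(firstNameUnsafe($pdo, $userId)));
    printf("  prepared     : %s\n", json_encode(firstNameSafe($pdo, $userId)));
}
```

With the concatenated query, `1 OR 1=1` produces `... WHERE id = 1 OR 1=1` and every first name comes back, and the UNION payload makes the database evaluate `sqlite_version()` in place of the intended column, which is the shape of a real data-exfiltration attack. The prepared statement binds each payload as a single value that no integer id equals, so those inputs return no rows, while the legitimate `'1'` still matches. Note that placeholders only protect values: a table name, column name or ORDER BY direction taken from the request cannot be bound and must instead be checked against an allow-list before it goes anywhere near the SQL text.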

https://afilina.com/common-php-mistakes