PrepAway - Latest Free Exam Questions & Answers

Is the following code vulnerable to SQL Injection…

Is the following code vulnerable to SQL Injection ($mysqli is an instance of the MySQLi class)?

    $age = $mysqli->real_escape_string($_GET['age']);
    $name = $mysqli->real_escape_string($_GET['name']);
    $query = "SELECT * FROM `table` WHERE name LIKE '$name' AND age = $age";
    $results = $mysqli->query($query);

A. No, the code is fully protected from SQL Injection.

B. Yes, because you cannot prevent SQL Injection when using MySQLi.

C. Yes, because the $age variable is improperly escaped.

D. Yes, because the $name variable is improperly escaped.

E. Yes, because the $name variable and the $age variable are improperly escaped.
