get_pet() contain an SQL query where one part of it is a variable. Whenever you have this situation, you’re opening yourself up for an SQL injection attack. In this tutorial we'll see how this works by exploiting the security hole, and then fixing it up with prepared statements. Prepared statements let us build a query where the variable parts are kept separate from the rest of the query. This will conclude our work for this section of the site and managing databases.
Preventing SQL Injection Attacks with Prepared Statements
There are no resources for this video. If you believe there should be, please contact us.