[Solved] How is this code in PHP vulnerable to SQL Injection?
First, $email = filter_input(INPUT_GET, 'email'); does nothing; it’s the same as $email = filter_input(INPUT_GET, 'email', FILTER_DEFAULT);, and FILTER_DEFAULT is documented as “do nothing”. Second, PDO’s Query function does appear to support multiple statements (albeit in a rather annoying-to-use manner, and I can’t say I’ve personally played with it). PHP PDO multiple select query …
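An added example, not part of the original answer or the asker's code: it shows that FILTER_DEFAULT returns the input unchanged, and compares a concatenated query with a bound parameter. The in-memory SQLite table, the sample value and the function names findConcatenated and findPrepared are assumptions made for the illustration; filter_var() stands in for filter_input() so the script runs without a web request.

```php
<?php
declare(strict_types=1);

// Assumption: the pdo_sqlite extension is loaded. The table and rows are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT NOT NULL)');
$pdo->exec("INSERT INTO users (email) VALUES ('alice@example.com'), ('bob@example.com')");

// Constructed value standing in for $_GET['email'].
$raw = "nobody@example.com' OR '1'='1";

// FILTER_DEFAULT is an alias of FILTER_UNSAFE_RAW: quotes pass through untouched.
$email = filter_var($raw, FILTER_DEFAULT);
echo 'FILTER_DEFAULT changed the input: ', var_export($email !== $raw, true), PHP_EOL;

// A filter that actually validates rejects the same value.
$valid = filter_var($raw, FILTER_VALIDATE_EMAIL) !== false;
echo 'FILTER_VALIDATE_EMAIL accepts it: ', var_export($valid, true), PHP_EOL;

// Hypothetical stand-in for the vulnerable pattern: input concatenated into the SQL text.
function findConcatenated(PDO $pdo, string $email): array
{
    return $pdo->query("SELECT email FROM users WHERE email = '$email'")
               ->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened form: the value is bound as a parameter and never parsed as SQL.
function findPrepared(PDO $pdo, string $email): array
{
    $stmt = $pdo->prepare('SELECT email FROM users WHERE email = :email');
    $stmt->execute([':email' => $email]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Same input, two query styles: compare how many rows each one matches.
echo 'concatenated query: ', count(findConcatenated($pdo, $email)), ' row(s)', PHP_EOL;
echo 'prepared statement: ', count(findPrepared($pdo, $email)), ' row(s)', PHP_EOL;
echo 'prepared, real address: ', count(findPrepared($pdo, 'alice@example.com')), ' row(s)', PHP_EOL;
```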