I’m sorry, but where exactly is this code vulnerable to SQL-injection?
Do you guys mean this line:
$sql = ‘select friend_id from user_friends where user_id = ‘.$user_id;
Don’t you sanitize your input?
Or am i missing something?
I’m sorry, but where exactly is this code vulnerable to SQL-injection?
Do you guys mean this line:
$sql = ‘select friend_id from user_friends where user_id = ‘.$user_id;
Don’t you sanitize your input?
Or am i missing something?