Heads up! To view this whole video, sign in with your Courses account or enroll in your free 7-day trial. Sign In Enroll
Well done!
You have completed Integrating PHP with Databases!
You have completed Integrating PHP with Databases!
Preview
When extra code you never intended to run is passed into your database query, it is called a SQL injection, because this extra code is **injected** into your query.
Related Discussions
Have questions about this video? Start a discussion with the community and Treehouse staff.
Sign upRelated Discussions
Have questions about this video? Start a discussion with the community and Treehouse staff.
Sign up
This ID is going to come from
query string in our browser.
0:00
If someone visits
details.php?id=1 our code
0:02
passes the one to the single
item array function.
0:06
The function then uses this
one to query the database.
0:11
If someone visits details.php?id=2;
then it should use two in the query.
0:14
But what if someone types
this into the web address?
0:21
Think for
a minute about what that might do.
0:25
What if that whole string got
inserted into our simple select query
0:29
You need to sign up for Treehouse in order to download course files.
Sign upYou need to sign up for Treehouse in order to set up Workspace
Sign up