In the provided PHP code snippet, what potential issue is present in the SQL query construction for retrieving data based on a user's email address?

The potential issue in the SQL query construction is that the email address input is directly concatenated into the query string, making it vulnerable to SQL injection attacks. To solve this issue, you should use prepared statements with parameterized queries to safely pass user input to the database.

// Potential issue: SQL injection vulnerability
$email = $_GET[&#039;email&#039;];
$query = &quot;SELECT * FROM users WHERE email = &#039;$email&#039;&quot;;
```

```php
// Fix using prepared statements
$email = $_GET[&#039;email&#039;];
$query = &quot;SELECT * FROM users WHERE email = ?&quot;;
$stmt = $pdo-&gt;prepare($query);
$stmt-&gt;execute([$email]);

Keywords

PHP SQL injection prepared statements user input email address

In the provided PHP code snippet, what potential issue is present in the SQL query construction for retrieving data based on a user's email address?

Keywords

Related Questions