What are the potential security risks of using $_GET to retrieve email addresses from a database in PHP?
Using $_GET to retrieve email addresses from a database in PHP can pose a security risk as it exposes the data directly in the URL, making it vulnerable to attacks like SQL injection. To mitigate this risk, it is recommended to sanitize and validate the input data before using it in database queries.
// Sanitize and validate the email address retrieved from $_GET
$email = filter_input(INPUT_GET, 'email', FILTER_SANITIZE_EMAIL);
// Use prepared statements to query the database
$stmt = $pdo->prepare("SELECT * FROM users WHERE email = :email");
$stmt->bindParam(':email', $email);
$stmt->execute();