What is the potential issue with the PHP code provided for fetching data from a database and displaying it using echo?

The potential issue with the provided PHP code is that it is vulnerable to SQL injection attacks. To solve this issue, it is recommended to use prepared statements with parameterized queries to prevent malicious SQL injection.

// Connect to the database
$pdo = new PDO(&#039;mysql:host=localhost;dbname=mydatabase&#039;, &#039;username&#039;, &#039;password&#039;);

// Prepare a statement with a parameterized query
$stmt = $pdo-&gt;prepare(&quot;SELECT * FROM mytable WHERE id = :id&quot;);

// Bind the parameter
$stmt-&gt;bindParam(&#039;:id&#039;, $id);

// Execute the query
$stmt-&gt;execute();

// Fetch and display the data
while ($row = $stmt-&gt;fetch()) {
    echo $row[&#039;column1&#039;] . &#039; - &#039; . $row[&#039;column2&#039;] . &#039;&lt;br&gt;&#039;;
}

Keywords

SQL injection mysqli_real_escape_string prepared statements XSS vulnerability error handling

What is the potential issue with the PHP code provided for fetching data from a database and displaying it using echo?

Keywords

Related Questions