I'm parsing a URL and using the number as an id to pull out the specific entry.
So with a statement such as:
$blog_id = 5;
$query = "SELECT id,entry,date,views,comments,likes FROM blogs WHERE id=$blog_id ORDER by Id DESC";
Is that secure or should I use ....id=?
... and use a bind_param ?
Actually: This code is secure. Why? It doesn't take any user input. So there is nothing to modify.
While this doesn't make sense, there is no way to perform an SQL Injection here. Once you are using POST, GET or Cookies, you HAVE TO validate the incoming information. You can do this by using
PDO::bind_param, filter_var() or htmlspecialchars().
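For the case the question actually describes (the id comes from the URL, i.e. from $_GET), here is an added example of the parameterized version, with the validation step in front of it. It is not code from the original post; it assumes an open mysqli connection in $mysqli (and an open PDO connection in $pdo for the second function), the mysqlnd driver for get_result(), and the blogs table and columns from the question.

```php
<?php
// Added example, not from the original post. Assumes: $mysqli is an open mysqli
// connection, mysqlnd is available for get_result(), and the blogs table has the
// columns named in the question.

function fetch_blog_entry(mysqli $mysqli, $raw_id): ?array
{
    // Step 1: validate. FILTER_VALIDATE_INT returns false for anything that is
    // not a plain integer (e.g. "5 OR 1=1", "5; DROP TABLE blogs", ""), so bad
    // input is rejected before the database is touched at all.
    $blog_id = filter_var($raw_id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($blog_id === false) {
        return null;
    }

    // Step 2: parameterize. The value travels to the server separately from the
    // query text, so it can never be parsed as SQL, unlike "... WHERE id=$blog_id".
    $sql = 'SELECT id, entry, date, views, comments, likes FROM blogs WHERE id = ? ORDER BY id DESC';
    $stmt = $mysqli->prepare($sql);
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $mysqli->error);
    }
    $stmt->bind_param('i', $blog_id); // 'i' = bind as integer
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();

    return $row ?: null;
}

// The same query with PDO, which uses bindValue()/bindParam() and named placeholders.
function fetch_blog_entry_pdo(PDO $pdo, $raw_id): ?array
{
    $blog_id = filter_var($raw_id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($blog_id === false) {
        return null;
    }

    $stmt = $pdo->prepare('SELECT id, entry, date, views, comments, likes FROM blogs WHERE id = :id ORDER BY id DESC');
    $stmt->bindValue(':id', $blog_id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    return $row === false ? null : $row;
}

// Usage (the id now comes from the URL, which is exactly the situation the answer warns about):
// $entry = fetch_blog_entry($mysqli, $_GET['id'] ?? '');
// if ($entry !== null) {
//     echo htmlspecialchars($entry['entry'], ENT_QUOTES, 'UTF-8');
// }
```

Two of the three tools from the answer do different jobs here: filter_var() checks the value on the way in and the bound parameter keeps it out of the SQL text, while htmlspecialchars() only matters on the way out, when the fetched entry is written into an HTML page. It does nothing for the query itself, so it is not a substitute for the prepared statement.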