Yes, it's secure because you aren't allowing any variable to be inserted as part of a query. However, it is horribly inefficient as it violates the DRY principle: you are writing the same code out in a dozen different places.
A better (and perfectly secure by design) approach would be to use a prepared statement via a parameterised data object (PDO), which would allow all the sanitising of the data to happen automatically. See examples here: https://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php
// Column names cannot be bound as parameters, so the answer column is
// checked against an allow-list before it is placed in the SQL text.
$allowedColumns = array('A', 'B', 'C', 'D');
$answer = 'A';
if (!in_array($answer, $allowedColumns, true)) {
    throw new InvalidArgumentException('Unknown answer column');
}
// The question id is data: it is bound as a parameter, never concatenated.
$query = "UPDATE Quiz1 SET $answer = ($answer + 1) WHERE Question = :question";
$statement = $pdo->prepare($query);
$statement->execute(array('question' => 2));
// An UPDATE returns no rows; rowCount() reports how many rows were changed.
$updated = $statement->rowCount();
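Added example (not from the answer above, and not the asker's code) of the DRY approach as a single reusable function with a column allow-list. It assumes a Quiz1 table with an integer Question column and one integer counter column per answer letter (A to D); the in-memory SQLite database is constructed here only so the script runs offline.

```php
<?php
declare(strict_types=1);

// Hypothetical allow-list of the counter columns in Quiz1 (one per answer letter).
const ANSWER_COLUMNS = ['A', 'B', 'C', 'D'];

function recordAnswer(PDO $pdo, int $question, string $answer): int
{
    // Identifiers (column names) cannot be bound as parameters, so the
    // answer is matched against a fixed allow-list instead of being copied
    // from user input into the SQL text. Anything not listed is rejected.
    if (!in_array($answer, ANSWER_COLUMNS, true)) {
        throw new InvalidArgumentException("Unknown answer: $answer");
    }
    // Only the allow-listed name is interpolated; the question id is data
    // and is bound as a parameter.
    $sql = "UPDATE Quiz1 SET $answer = $answer + 1 WHERE Question = :question";
    $stmt = $pdo->prepare($sql);
    $stmt->execute(['question' => $question]);
    return $stmt->rowCount();   // 0 means no row with that question id existed
}

// Constructed in-memory database so the example runs without a server.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Quiz1 (Question INTEGER PRIMARY KEY,'
    . ' A INTEGER DEFAULT 0, B INTEGER DEFAULT 0,'
    . ' C INTEGER DEFAULT 0, D INTEGER DEFAULT 0)');
$pdo->exec('INSERT INTO Quiz1 (Question) VALUES (1), (2)');

recordAnswer($pdo, 2, 'A');
recordAnswer($pdo, 2, 'A');
recordAnswer($pdo, 1, 'C');
echo 'rows changed for unknown question: ', recordAnswer($pdo, 99, 'B'), "\n";

// A value that is not a known column never reaches the SQL text.
try {
    recordAnswer($pdo, 2, 'not-a-column');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}

foreach ($pdo->query('SELECT * FROM Quiz1 ORDER BY Question') as $row) {
    printf("Q%d: A=%d B=%d C=%d D=%d\n",
        $row['Question'], $row['A'], $row['B'], $row['C'], $row['D']);
}
```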