Yes, let's see:
- You are vulnerable to SQL injection: By including variables directly in the query, you are making yourself vulnerable to SQL injection attacks. Use prepared statements. Further reading: How can I prevent SQL Injection in PHP?
- Don't use <br> for vertical spacing control. You should use proper semantic elements, for example:
<ul>
<li>Subcat 1
<ul>
<li>Subsubcat 1</li>
<li>Subsubcat 2</li>
<li>Subsubcat 3</li>
</ul>
</li>
</ul>
Aside from that, LGTM. Good job! :)
Example for prepared statements:
$stmt = mysqli_prepare($connect, "SELECT subcategories.subcat_name, subsubcategories.subsubcat_name, subcategories.subcat_ID FROM subcategories INNER JOIN subsubcategories ON subcategories.subcat_ID=subsubcategories.subcat_ID WHERE subcategories.cat_ID = ? OR subcategories.extra_cat_ID = ? ORDER BY subcategories.subcat_name, subsubcategories.subsubcat_name ASC");
mysqli_stmt_bind_param($stmt, "ii", $cat_ID, $cat_ID);
mysqli_stmt_execute($stmt);
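
The two points of the answer above, worked through as an added example (not code from the original post): the same category query built by concatenation and with bound parameters, followed by rendering the rows as a nested list with output escaping. It assumes PDO with an in-memory SQLite database in place of the mysqli connection so that it runs offline; the sample rows, the function names and the `$input` value are constructed for illustration.

```php
<?php
// Added example. Constructed in-memory SQLite data stands in for the MySQL
// tables named in the answer; PDO is an assumption so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE subcategories (subcat_ID INTEGER PRIMARY KEY, subcat_name TEXT, cat_ID INTEGER, extra_cat_ID INTEGER)');
$db->exec('CREATE TABLE subsubcategories (subsubcat_name TEXT, subcat_ID INTEGER)');
$db->exec("INSERT INTO subcategories VALUES (1, 'Laptops', 1, NULL), (2, 'Novels', 2, NULL)");
$db->exec("INSERT INTO subsubcategories VALUES ('Gaming', 1), ('Ultrabooks', 1), ('Crime', 2)");

const SQL = 'SELECT s.subcat_name, ss.subsubcat_name FROM subcategories s
             INNER JOIN subsubcategories ss ON s.subcat_ID = ss.subcat_ID
             WHERE s.cat_ID = %s OR s.extra_cat_ID = %s
             ORDER BY s.subcat_name, ss.subsubcat_name';

// Vulnerable form: the request value becomes part of the SQL text.
function fetchConcatenated(PDO $db, string $catId): array {
    return $db->query(sprintf(SQL, $catId, $catId))->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: the SQL text is fixed; the value travels as a bound parameter.
function fetchPrepared(PDO $db, string $catId): array {
    $stmt = $db->prepare(sprintf(SQL, '?', '?'));
    $stmt->execute([$catId, $catId]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Nested <ul> as the answer suggests, with every database value escaped.
function renderList(array $rows): string {
    $groups = [];
    foreach ($rows as $r) {
        $groups[$r['subcat_name']][] = $r['subsubcat_name'];
    }
    $html = "<ul>\n";
    foreach ($groups as $subcat => $children) {
        $html .= '<li>' . htmlspecialchars((string) $subcat, ENT_QUOTES, 'UTF-8') . "\n<ul>\n";
        foreach ($children as $child) {
            $html .= '<li>' . htmlspecialchars($child, ENT_QUOTES, 'UTF-8') . "</li>\n";
        }
        $html .= "</ul>\n</li>\n";
    }
    return $html . "</ul>\n";
}

$input = '1 OR 1=1'; // constructed request value that is not a plain integer
printf("concatenated: %d rows\n", count(fetchConcatenated($db, $input)));
printf("prepared:     %d rows\n", count(fetchPrepared($db, $input)));
echo renderList(fetchPrepared($db, '1'));
```

With the concatenated query the constructed value rewrites the WHERE clause and rows from every category come back; with the bound parameter it is compared as a single value and matches nothing.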