
I'm working on a project and decided to use a function to select, ... from the DB.
My question is: is a function like this safe to use?
If not, do you have any better idea?

function selectFromDB($tbl,$id) {
    include("connect.php");
    $sql = "SELECT * FROM ".$tbl." WHERE ID = '$id'";
    $result = $conn->query($sql);
    if ($result->num_rows > 0) {
        while($row = $result->fetch_assoc()) {
            $GLOBALS['selectFromDB'] = $row;
        }
    }
}
Alireza Sabahi
  • 3
    NO! https://stackoverflow.com/questions/6980792/what-is-pdo-why-should-i-use-it – r_a_f Oct 19 '19 at 08:54
  • 3
    https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php would be a good start to read. – Nigel Ren Oct 19 '19 at 08:59

0 Answers
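
A hardened variant of the function in the question, as an added example that is not part of the original post or the asker's code: it uses PDO (which the first comment points to), binds the ID as a parameter, and checks the table name against an allowlist because identifiers cannot be bound. The allowlisted table names, the sample rows and the in-memory SQLite connection are assumptions made so the script runs offline; it needs the pdo_sqlite extension.

```php
<?php
// Added example. Table names, columns and rows below are constructed.

// Table names cannot be sent as bound parameters, so they are compared
// against a fixed allowlist before being placed in the SQL text.
const ALLOWED_TABLES = ['users', 'orders'];

function selectFromDb(PDO $conn, string $tbl, string $id): array
{
    if (!in_array($tbl, ALLOWED_TABLES, true)) {
        throw new InvalidArgumentException("Table not allowed: $tbl");
    }
    // The ID travels as a bound parameter and is never spliced into the query.
    $stmt = $conn->prepare("SELECT * FROM $tbl WHERE ID = :id");
    $stmt->execute([':id' => $id]);
    // Rows are returned to the caller instead of being written to $GLOBALS.
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// In-memory SQLite stands in for the real database (assumption for the demo).
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec("CREATE TABLE users (ID TEXT PRIMARY KEY, name TEXT)");
$conn->exec("INSERT INTO users VALUES ('1', 'alice'), ('2', 'bob')");

// A normal lookup by ID.
var_dump(selectFromDb($conn, 'users', '1'));

// A constructed value containing quotes is compared as plain data,
// so it only matches a row whose ID is literally that string.
var_dump(selectFromDb($conn, 'users', "1' OR '1'='1"));

// A table name outside the allowlist never reaches the database.
try {
    selectFromDb($conn, 'admin_notes', '1');
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
```

Passing the connection in as an argument also avoids re-running `include("connect.php")` on every call, as the original function does.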