Is this query safe to use? Prepared statement?
Is this query safe to use? I'm not sure how I'd convert it to a prepared
statement as it's not using any values from the user:
$result = mysqli_query($cxn, "SELECT * FROM table WHERE datetime > DATE_SUB(NOW(), INTERVAL 15 DAY) ORDER BY RAND() LIMIT 1");
while ($row = mysqli_fetch_array($result)) {
    $title = $row['title'];
    echo $title;
}
Is this safe to use? How can I improve it?
Thanks.
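
Added example, not part of the original post: the query as posted has no user-supplied value to bind, so this sketch shows the prepared-statement form that would apply if the 15-day window came from request input, and it escapes the title on output. The function name, the `days` request parameter, its bounds and the connection details are assumptions; `table`, `datetime` and `title` are the names used in the post.

```php
<?php
// Added example. fetch_random_recent_title() and the $days bounds are
// hypothetical; `table`, `datetime` and `title` are the post's names.
function fetch_random_recent_title(mysqli $cxn, int $days): ?string
{
    // Reject values outside a sane window instead of passing them on.
    if ($days < 1 || $days > 365) {
        throw new InvalidArgumentException('days must be between 1 and 365');
    }

    // The placeholder keeps the value out of the SQL text entirely.
    $stmt = $cxn->prepare(
        'SELECT `title` FROM `table`
          WHERE `datetime` > DATE_SUB(NOW(), INTERVAL ? DAY)
          ORDER BY RAND() LIMIT 1'
    );
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $cxn->error);
    }

    $stmt->bind_param('i', $days);   // 'i' = bound as an integer
    $stmt->execute();
    $stmt->bind_result($title);
    $found = $stmt->fetch();         // true on a row, null when none matched
    $stmt->close();

    return $found ? $title : null;
}

// Assumed connection; host, credentials and schema are placeholders.
$cxn = new mysqli('localhost', 'app_user', 'app_password', 'app_db');

// Assumed request parameter, cast to int before it reaches the function.
$days  = isset($_GET['days']) ? (int) $_GET['days'] : 15;
$title = fetch_random_recent_title($cxn, $days);

if ($title !== null) {
    // Escape on output: a stored title may contain markup.
    echo htmlspecialchars($title, ENT_QUOTES, 'UTF-8');
}
```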