Category: SQL Injection
$sql = “SELECT * FROM table WHERE field = ‘$_GET[input_zero]’”; $stmt = odbc_prepare($conn, $sql);