Dear All,
I am trying to pull data from the database using PDO. Is the code below safe from an attack, or do I need to bind anything? If I need to bind anything, please help me write the correct code, because all the e-commerce videos that I bought used mysqli in the procedural way, without validating anything, in the name of keeping things simple.
function productsInProductCategories() {
    global $connection;
    if (isset($_GET['p_cat'])) {
        // Raw request value, taken from the query string as-is
        $p_cat_id = $_GET['p_cat'];
        // $p_cat_id is interpolated straight into the SQL text (no placeholder, no binding)
        $get_p_cat = "SELECT * FROM product_categories WHERE p_cat_id='$p_cat_id'";
        $run_p_cat = $connection->query($get_p_cat);
        $row_p_cat = $run_p_cat->fetch();
        $p_cat_title = $row_p_cat['p_cat_title'];
        $p_cat_desc = $row_p_cat['p_cat_desc'];
        // Same value interpolated into a second query
        $get_products = "SELECT * FROM products WHERE p_cat_id='$p_cat_id'";
        $run_products = $connection->query($get_products);
        $count = $run_products->rowCount();
        if ($count == 0) {
            echo "
            <div class='box'>
                <h1> No Product Found In This Product Category </h1>
            </div>
            ";
        } else {
            // Database values echoed into the page without escaping
            echo "
            <div class='box'>
                <h1>$p_cat_title</h1>
                <p>$p_cat_desc</p>
            </div>
            ";
        }
        while ($row_products = $run_products->fetch()) {
            $pro_id = $row_products['product_id'];
            $pro_title = $row_products['product_title'];
            $pro_price = $row_products['product_price'];
            $pro_img1 = $row_products['product_img1'];
            // Each product row is echoed into HTML attributes and text without escaping
            echo "
            <div class='col-md-4 col-sm-6 single'>
                <div class='product'>
                    <a href='details.php?pro_id=$pro_id'>
                        <img
                            src='admin_area/product_images/$pro_img1'
                            class='img-fluid'
                        />
                    </a>
                    <div class='text'>
                        <h3><a href='details.php?pro_id=$pro_id'>$pro_title</a></h3>
                        <p class='price'>$$pro_price</p>
                        <p class='buttons'>
                            <a href='details.php?pro_id=$pro_id' class='btn btn-outline-primary'>View details</a>
                            <a href='details.php?pro_id=$pro_id' class='btn btn-primary'>
                                <i class='fa fa-shopping-cart'></i> Add to cart
                            </a>
                        </p>
                    </div>
                </div>
            </div>
            ";
        }
    }
}
Please help me with code that will work instead of just suggesting what to do; it will help me write the code faster and also make it clearer.
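A hardened rewrite of the function above, added here as an example and not the poster's own code. It answers the question in two parts: p_cat is validated as an integer and bound to a PDO prepared statement, so it can never alter the SQL, and every value that is echoed (category title and description, product title, price and image filename) is HTML-escaped, since those come from the database and can just as easily carry markup. The markup and column names are the ones in the posted function; the helper h(), the PDO instance being passed in as a parameter instead of read via global, and the assumption that p_cat_id is an integer column are mine.

```php
<?php
// Added example (not the original poster's code). Assumes $connection is a PDO
// instance created elsewhere with PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
// and the table/column names used in the posted function.

// Escape helper (assumed name): every value that reaches the HTML goes through
// it, so a product title containing <script> is shown as text, not executed.
function h($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function productsInProductCategories(PDO $connection): void
{
    if (!isset($_GET['p_cat'])) {
        return;
    }

    // p_cat_id is assumed to be an integer column: anything that is not a
    // positive whole number (including a p_cat[]=1 array) is rejected up front.
    $p_cat_id = filter_var($_GET['p_cat'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($p_cat_id === false) {
        echo "<div class='box'><h1> No Product Found In This Product Category </h1></div>";
        return;
    }

    // Prepared statements: the SQL text contains only a placeholder; the value
    // is sent separately and cannot change the structure of the query.
    $cat_stmt = $connection->prepare(
        'SELECT p_cat_title, p_cat_desc FROM product_categories WHERE p_cat_id = :id'
    );
    $cat_stmt->bindValue(':id', $p_cat_id, PDO::PARAM_INT);
    $cat_stmt->execute();
    $row_p_cat = $cat_stmt->fetch(PDO::FETCH_ASSOC);

    $prod_stmt = $connection->prepare(
        'SELECT product_id, product_title, product_price, product_img1
           FROM products WHERE p_cat_id = :id'
    );
    $prod_stmt->bindValue(':id', $p_cat_id, PDO::PARAM_INT);
    $prod_stmt->execute();
    // fetchAll() + count() rather than rowCount(): PDO does not guarantee
    // rowCount() for SELECT statements on every driver.
    $products = $prod_stmt->fetchAll(PDO::FETCH_ASSOC);

    if ($row_p_cat === false || count($products) === 0) {
        echo "<div class='box'><h1> No Product Found In This Product Category </h1></div>";
        return;
    }

    echo "<div class='box'>
        <h1>" . h($row_p_cat['p_cat_title']) . "</h1>
        <p>" . h($row_p_cat['p_cat_desc']) . "</p>
    </div>";

    foreach ($products as $row) {
        $pro_id    = (int) $row['product_id'];
        $pro_title = h($row['product_title']);
        $pro_price = h($row['product_price']);
        // basename() keeps a stored filename such as ../../config.php from
        // pointing the <img> outside admin_area/product_images/.
        $pro_img1  = h(basename((string) $row['product_img1']));
        $href      = "details.php?pro_id=$pro_id";

        echo "
        <div class='col-md-4 col-sm-6 single'>
          <div class='product'>
            <a href='$href'>
              <img src='admin_area/product_images/$pro_img1' class='img-fluid' />
            </a>
            <div class='text'>
              <h3><a href='$href'>$pro_title</a></h3>
              <p class='price'>\$$pro_price</p>
              <p class='buttons'>
                <a href='$href' class='btn btn-outline-primary'>View details</a>
                <a href='$href' class='btn btn-primary'>
                  <i class='fa fa-shopping-cart'></i> Add to cart
                </a>
              </p>
            </div>
          </div>
        </div>
        ";
    }
}

// Call site (assumed): the connection is passed in instead of read via global.
// productsInProductCategories($connection);
```

Two things to check on the connection side: create the PDO object with PDO::ATTR_EMULATE_PREPARES set to false so the MySQL server, not the client library, performs the binding, and with PDO::ATTR_ERRMODE set to PDO::ERRMODE_EXCEPTION so a failed query throws instead of returning false and producing a "call to a member function fetch() on bool" error further down. The same pattern (validate the id, bind it, escape on output) belongs in details.php for pro_id, since that page receives a user-controlled value in exactly the same way.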