Why can I not SQL inject this piece of code?
This is the code:
$stmt = $db->prepare("SELECT DISTINCT * FROM kurssit WHERE BINARY id=? AND BINARY avain=?");
$stmt->bind_param("is", $kurssi, $avain);
// prepare and bind
$kurssi = $_POST["kurssi"];
$a…