$stmt = $conn->prepare("SELECT * FROM articles WHERE id = ?");
$stmt->bind_param("i", $_GET['id']);
$stmt->execute();
The presence of upd might indicate a page that also accepts update parameters, increasing the risk.
inurl php id1 upd
// Now proceed safely
To understand the risk, we have to break down what this string represents: $stmt = $conn->prepare("SELECT * FROM articles WHERE id =
If I visit vulnerable_upd.php?id1=1; DROP TABLE users;-- , the database receives: $stmt = $conn->