Zend
200-710 · Question #118
200-710 Question #118: Real Exam Question with Answer & Explanation
Question
Is the following code vulnerable to SQL Injection ($mysqli is an instance of the MySQLi class)?
$age = $mysqli->real_escape_string($_GET['age']);
$name = $mysqli->real_escape_string($_GET['name']);
$query = "SELECT * FROM 'table' WHERE name LIKE '$name' AND age = $age";
$results = $mysqli->query($query);
Options
- A. No, the code is fully protected from SQL Injection.
- B. Yes, because the $name variable is improperly escaped.
- C. Yes, because the $name variable and the $age variable are improperly escaped.
- D. Yes, because the $age variable is improperly escaped.
- E. Yes, because you cannot prevent SQL Injection when using MySQLi.