ExamTopics Logo
Mail Us[email protected]
Menu
Zend Discussions
exam questions

Exam 200-550 All Questions

View all questions & answers for the 200-550 exam
Go to Exam

Exam 200-550 topic 1 question 117 discussion

Actual exam question from Zend's 200-550
Question #: 117
Topic #: 1
[All 200-550 Questions]

Is the following code vulnerable to SQL Injection ($mysqli is an instance of the MySQLi class)?
$age = $mysqli->real_escape_string($_GET['age']);
$name = $mysqli->real_escape_string($_GET['name']);
$query = "SELECT * FROM `table` WHERE name LIKE '$name' AND age = $age";
$results = $mysqli->query($query);

  • A. No, the code is fully protected from SQL Injection.
  • B. Yes, because the $name variable is improperly escaped.
  • C. Yes, because the $name variable and the $age variable is improperly escaped.
  • D. Yes, because the $age variable is improperly escaped.
  • E. Yes, because you cannot prevent SQL Injection when using MySQLi
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by lolojepu at April 5, 2025, 6:07 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Currently there are no comments in this discussion, be the first to comment!
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel