<div>
So, if I enter a fixed value, instead of a parameter, it should be okay?
</div>


So, if I enter a fixed value, instead of a parameter, it should be okay?

<div>
<div class="content wysiwyg-content">
Is this a really bad query?<br />
<br />
SELECT * FROM categories WHERE categoryID = 5<br />
<br />
Could something like this leave me vulnerable to SQL Injection? &nbsp;How do I prevent it? &nbsp;I'm using Dreamweaver to create my PHP pages and then customizing when necessary. &nbsp;
</div>
</div>


Is this a really bad query?

SELECT * FROM categories WHERE categoryID = 5

Could something like this leave me vulnerable to SQL Injection?  How do I prevent it?  I'm using Dreamweaver to create my PHP pages and then customizing when necessary.  

PHP/MySQL Query and SQL Injection

PHP is a widely-used server-side scripting language especially suited for web development, powering tens of millions of sites from Facebook to personal WordPress blogs. PHP is often paired with the MySQL relational database, but includes support for most other mainstream databases. By utilizing different Server APIs, PHP can work on many different web servers as a server-side scripting language.

MySQL is an open source, relational database management system that runs as a server providing multi-user access to a number of databases. Acquired by Oracle in 2009, it is frequently used in combination with PHP installations, powering most of the WordPress installations.