Is the following code vulnerable to SQL Injection ($mysqli is an instance of the MySQLi class)?
$age= $mysqli->real_escape_string($_GET[‘age’]);
$name= $mysqli->real_escape_string($_GET[‘name’]);
$query= "SELECT* FROM ‘table’ WHERE name LIKE ‘$name’ AND age= $age";
$results= $mysqli->query($query);
A . No, the code is fully protected from SQL Injection.
B . Yes, because the $name variable is improperly escaped.
C . Yes, because the $name variable and the $age variable is improperly escaped.
D . Yes, because the $age variable is improperly escaped.
E . Yes, because you cannot prevent SQL Injection when using MySQLi
Answer: D