So I have this code which basically retrieves data from a MySQL database:
```php
// Category comes straight from the query string
$categoria = $_GET['categoria'];
if ($categoria == "") {} else {
    $consulta = @mysql_query("SELECT * FROM productos where categoria='$categoria' ORDER BY nombre ASC");
    while ($seleccion = @mysql_fetch_array($consulta)) {
        $nombre = $seleccion['nombre'];
        $referencia = $seleccion['referencia'];
        $descripcion = $seleccion['descripcion'];
        $imagen = $seleccion['imagen'];
        // ... (the variables are echoed here)
    }
}
```
And, well, after that I echo all of the variables... I was wondering, might there be any problem regarding security with code like this? Is there any risk of it being hacked? Thanks!
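
An added example, not part of the original post: the query as posted concatenates `$_GET['categoria']` into the SQL string, so the hardened form below binds it as a parameter and HTML-encodes each column before echoing it. The function names, the sample rows and the in-memory SQLite database are assumptions so that it runs offline; against MySQL only the PDO DSN changes.

```php
<?php
// Added example (assumed names; SQLite in memory stands in for the MySQL server).

function productos_por_categoria(PDO $db, string $categoria): array
{
    // The placeholder keeps the request value out of the SQL text entirely.
    $stmt = $db->prepare(
        'SELECT nombre, referencia, descripcion, imagen
           FROM productos WHERE categoria = :categoria ORDER BY nombre ASC'
    );
    $stmt->execute([':categoria' => $categoria]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

function e(string $valor): string
{
    // Encode for an HTML context before echoing database content.
    return htmlspecialchars($valor, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample data so the script runs without a database server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // no silent failures, unlike "@"
$db->exec('CREATE TABLE productos
           (nombre TEXT, referencia TEXT, descripcion TEXT, imagen TEXT, categoria TEXT)');
$ins = $db->prepare('INSERT INTO productos VALUES (?, ?, ?, ?, ?)');
$ins->execute(['Silla', 'R-001', 'Silla <b>plegable</b>', 'silla.jpg', 'muebles']);
$ins->execute(['Mesa', 'R-002', 'Mesa de roble', 'mesa.jpg', 'muebles']);
$ins->execute(['Lampara', 'R-003', 'Lampara de pie', 'lampara.jpg', 'luz']);

// On the web this is the request parameter; the fallback is only for CLI runs.
$categoria = $_GET['categoria'] ?? 'muebles';

// Reject empty values and array input such as ?categoria[]=x before querying.
if (!is_string($categoria) || $categoria === '') {
    exit;
}

foreach (productos_por_categoria($db, $categoria) as $fila) {
    printf(
        "<li>%s (%s): %s <img src=\"%s\"></li>\n",
        e($fila['nombre']),
        e($fila['referencia']),
        e($fila['descripcion']),
        e($fila['imagen'])
    );
}
```

The `mysql_*` functions used in the post were removed in PHP 7, so moving to PDO or mysqli is needed on current PHP in any case.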