I've been working with MySQL. When I set up a new user account, there are a lot of permissions that can be activated or not activated. Things like ADD DELETE INSERT DROP SELECT, etc.
I'm wondering the following:
Suppose you have a website that has a search box. Further suppose the MySQL user permission tied to the search box GET/POST form submit is set to SELECT only (meaning the only thing that user account can do to the MySQL database is SELECT).
Does that mean the search box is safe from SQL injection attack? I would think it would be safe, because the user account only allows it to select information rather than add or drop a table, etc.
Thanks for any insights.