It's absolutely not secure. mysql_* is old and shouldn't be used. You should use PDO or mysqli instead. In the following example, I showed how it could be done with mysqli.
```php
<?php
// $mysqli is assumed to be an already-open mysqli connection.
if (isset($_GET['map_loc'])) {
    $code = $_GET['map_loc'];
    $query = "SELECT ttc.continent_id, ttc.continent_id, c.name FROM territories_to_continents ttc
              INNER JOIN continents c
              ON ttc.continent_id = c.continent_id
              WHERE ttc.code = ?
              LIMIT 1";
    if ($stmt = $mysqli->prepare($query)) {
        // Bind the user-supplied value as a string parameter ('s').
        $stmt->bind_param('s', $code);
        $stmt->execute();
        // One variable per selected column; PHP variable names cannot contain dots.
        $stmt->bind_result($continentId1, $continentId2, $mapLoc);
        $stmt->fetch();
        $stmt->free_result();
        $stmt->close();
    }
}
?>
```
You should definitely check out this famous question for help: How can I prevent SQL injection in PHP?
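
The same lookup done with PDO, the other option named above, as an added example that is not part of the original answer. It assumes an in-memory SQLite database with constructed rows so it runs offline; the function name `findContinent` is hypothetical.

```php
<?php
// Added example, not from the original answer. Table and column names come
// from the answer's query; the rows and findContinent() are constructed here.
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
]);
// For MySQL, use a mysql: DSN and set PDO::ATTR_EMULATE_PREPARES to false
// so the server itself prepares the statement.

$pdo->exec('CREATE TABLE continents (continent_id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec('CREATE TABLE territories_to_continents (code TEXT, continent_id INTEGER)');
$pdo->exec("INSERT INTO continents VALUES (1, 'Europe'), (2, 'Asia')");
$pdo->exec("INSERT INTO territories_to_continents VALUES ('FR', 1), ('JP', 2)");

/** Returns ['continent_id' => ..., 'name' => ...] or null when no row matches. */
function findContinent(PDO $pdo, string $code): ?array
{
    $stmt = $pdo->prepare(
        'SELECT ttc.continent_id, c.name
           FROM territories_to_continents ttc
          INNER JOIN continents c ON ttc.continent_id = c.continent_id
          WHERE ttc.code = :code
          LIMIT 1'
    );
    // The value travels separately from the SQL text, so quotes in it stay data.
    $stmt->execute([':code' => $code]);
    $row = $stmt->fetch();
    return $row === false ? null : $row;
}

// Constructed inputs: one valid code, one containing SQL metacharacters.
foreach (['FR', "FR' OR '1'='1"] as $input) {
    $row = findContinent($pdo, $input);
    echo str_pad($input, 16), ' => ', $row ? $row['name'] : 'no match', PHP_EOL;
}
```

The second input is compared against `ttc.code` as one literal string, so it matches no row instead of altering the `WHERE` clause.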