by medlinux » Mon Aug 22, 2011 9:37 am
Hi,
I am trying to use this code in order to avoid SQL injection:
Code:
$reponse = $bdd->prepare("SELECT * FROM Table1 WHERE Titre LIKE '%?%' OR Auteur LIKE '%?%' OR Editeur LIKE '%?%' ");
$reponse->execute(array($_POST['book_title'],$_POST['book_author'],$_POST['editor']));
but it won't work.
Could you help me?
by NigelRen » Tue Aug 23, 2011 11:31 am
When you say it won't work - what error are you getting? Or is it just returning everything?
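Added example, not part of either post above: PDO does not treat a ? inside a quoted string literal such as '%?%' as a placeholder, so the wildcards have to go into the bound value instead. The sketch assumes an in-memory SQLite table with constructed rows standing in for Table1; like_contains() and search_books() are hypothetical helpers, and the form arrays are constructed stand-ins for $_POST.

```php
<?php
// Constructed stand-in for the poster's database and Table1.
$bdd = new PDO('sqlite::memory:');
$bdd->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$bdd->exec("CREATE TABLE Table1 (Titre TEXT, Auteur TEXT, Editeur TEXT)");
$insert = $bdd->prepare("INSERT INTO Table1 (Titre, Auteur, Editeur) VALUES (?, ?, ?)");
foreach ([
    ['Les Miserables', 'Victor Hugo', 'Gallimard'],
    ['100% PHP', 'A. Dupont', 'Eyrolles'],
    ['Germinal', 'Emile Zola', 'Fasquelle'],
] as $row) {
    $insert->execute($row);
}

// Hypothetical helper: turn user input into a "contains" pattern.
// '!' is the escape character named in the ESCAPE clause below, so a
// literal %, _ or ! typed by the user is matched as text, not as a wildcard.
function like_contains(string $input): string
{
    return '%' . str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $input) . '%';
}

// Hypothetical helper: search only on the fields the user filled in.
function search_books(PDO $bdd, array $form): array
{
    // Column names come from this fixed map, never from user input.
    $columns = ['book_title' => 'Titre', 'book_author' => 'Auteur', 'editor' => 'Editeur'];
    $where = [];
    $params = [];
    foreach ($columns as $field => $column) {
        $value = is_string($form[$field] ?? null) ? trim($form[$field]) : '';
        if ($value === '') {
            continue; // an empty field would become '%%' and match every row
        }
        $where[] = "$column LIKE ? ESCAPE '!'"; // unquoted ? is a real placeholder
        $params[] = like_contains($value);
    }
    if ($where === []) {
        return [];
    }
    $stmt = $bdd->prepare('SELECT * FROM Table1 WHERE ' . implode(' OR ', $where));
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: a normal search, then one containing a LIKE wildcard.
print_r(search_books($bdd, ['book_title' => 'hugo', 'book_author' => 'hugo', 'editor' => '']));
print_r(search_books($bdd, ['book_title' => '%', 'book_author' => '', 'editor' => '']));
```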