Please see the code below. This works fine with the mysqli method but is prone to SQL injection, so I want to use prepare, but for LIKE I can't use it.

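// Split the lower-cased search string into individual terms.
$t = strtolower($_POST['e']);
$search_exploded = explode(" ", $t);
$construct = '';
$params = [];
foreach ($search_exploded as $search_each) {
    // One placeholder per term, plus the matching value to bind to it.
    $construct .= "AND title LIKE ? ";
    $params[] = "%$search_each%";
}

// $conn is a PDO connection.
$query = $conn->prepare("SELECT * FROM vdo WHERE 1 $construct");
// Bind every collected value; the count must equal the number of placeholders.
$query->execute($params);
$found = $query->rowCount();
if ($found == 0) {
    echo "NO Result Found";
} else {
    while ($row_id1 = $query->fetch(PDO::FETCH_ASSOC)) {
        $title = $row_id1['title'];
        // Encode the stored value before writing it into the page.
        echo htmlspecialchars($title);
    }
}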

Posted
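
A self-contained version of the multi-term LIKE search from the question, as an added example that is not part of the original post: it binds one value per placeholder, escapes the LIKE wildcards % and _ typed by the user, and returns nothing for an empty search. The function names, the `!` escape character, the sample rows and the in-memory SQLite database are assumptions made for the demo.

```php
<?php
// Added example; buildTitleSearch(), searchTitles() and the sample rows are constructed.

/** Returns [sql, params] with one LIKE placeholder per non-empty search term. */
function buildTitleSearch(string $input): array
{
    // Split on any whitespace and drop empty terms (a bare "%%" would match every row).
    $terms = preg_split('/\s+/', strtolower(trim($input)), -1, PREG_SPLIT_NO_EMPTY);
    $sql = 'SELECT title FROM vdo WHERE 1=1';
    $params = [];
    foreach ($terms as $term) {
        // Escape LIKE metacharacters so a user-typed % or _ matches literally.
        $literal = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $term);
        $sql .= " AND title LIKE ? ESCAPE '!'";
        $params[] = '%' . $literal . '%';
    }
    return [$sql, $params];
}

function searchTitles(PDO $conn, string $input): array
{
    [$sql, $params] = buildTitleSearch($input);
    if ($params === []) {
        return [];                      // empty search: do not dump the whole table
    }
    $stmt = $conn->prepare($sql);
    $stmt->execute($params);            // number of values == number of placeholders
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed demo data in an in-memory SQLite database (requires pdo_sqlite).
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec('CREATE TABLE vdo (id INTEGER PRIMARY KEY, title TEXT)');
$insert = $conn->prepare('INSERT INTO vdo (title) VALUES (?)');
foreach (['php pdo tutorial', 'pdo like search', '100% php', 'cooking show'] as $title) {
    $insert->execute([$title]);
}

// Constructed inputs: two terms, a literal %, a quote-laden string, whitespace only.
foreach (['pdo php', '100%', "x' OR '1'='1", '   '] as $input) {
    echo json_encode($input), ' => ', json_encode(searchTitles($conn, $input)), PHP_EOL;
}
```

Only the fixed text `AND title LIKE ? ESCAPE '!'` is ever concatenated into the SQL string; every user-supplied term travels as a bound value, so quotes in the input are treated as data.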

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



