By: shashi
Date: 2011-09-18
Time: 13:43
|
sql injection protection . using LIKE instead of =
Hi,
How do I ensure that there is SQL injection protection when using LIKE?
Example:
select a,b,c from table where (a=%1%) , $a - is in the example
How do I rewrite it if the query is something like
select a,b,c from table where a like 'a%' - to search for something starting with a.
An example like this is not working:
$query = "select a,b,c from table where (a=%1%) and (b like '%2%') , $a, '$b%'";
$result = $a1db->GetRows($query);
Thanks,
Shashi
|
By: Skrol29
Date: 2011-09-18
Time: 20:53
|
Re: sql injection protection . using LIKE instead of =
Hi,
I guess your question is about TbsSQL.
Something like this should work:
$query = "select a,b,c from table where (a=%1%) and (b like '%2%')";
$result = $a1db->GetRows($query, $a, $b.'%');
or:
$query = "select a,b,c from table where (a=%1%) and (b like '%2%%')";
$result = $a1db->GetRows($query, $a, $b);
|
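A related point for LIKE queries: binding the value keeps it out of the SQL text, but % and _ inside the user's input still act as LIKE wildcards unless they are escaped. The following is an added example, not code from either poster and not TbsSQL: it uses plain PDO with an in-memory SQLite database, and the items table, its rows and the function names are constructed for illustration.

```php
<?php
// Added example: plain PDO + in-memory SQLite, not TbsSQL.
// Table, rows and function names are constructed for this demonstration.

// Make %, _ and the escape character itself match literally in LIKE.
function like_escape(string $s, string $esc = '!'): string
{
    return strtr($s, [$esc => $esc . $esc, '%' => $esc . '%', '_' => $esc . '_']);
}

// Return column b of rows where a = $a and b starts with $prefix.
function find_by_prefix(PDO $db, int $a, string $prefix, bool $escape = true): array
{
    // Values travel as bound parameters, never as part of the SQL text.
    // The trailing wildcard is appended to the bound value.
    $stmt = $db->prepare(
        "SELECT a, b, c FROM items WHERE a = :a AND b LIKE :pat ESCAPE '!'"
    );
    $pattern = ($escape ? like_escape($prefix) : $prefix) . '%';
    $stmt->bindValue(':a', $a, PDO::PARAM_INT);
    $stmt->bindValue(':pat', $pattern, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN, 1);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (a INTEGER, b TEXT, c TEXT)');
$ins = $db->prepare('INSERT INTO items (a, b, c) VALUES (?, ?, ?)');
foreach ([[1, 'a%b', 'x'], [1, 'aXb', 'y'], [1, 'abc', 'z'], [2, 'a%z', 'w']] as $row) {
    $ins->execute($row);
}

// Quote characters in the input are matched as data and change nothing.
var_dump(find_by_prefix($db, 1, "' OR '1'='1"));
// Escaped: the % typed by the user is a literal character.
var_dump(find_by_prefix($db, 1, 'a%'));
// Unescaped: the same input widens the match to every b starting with "a".
var_dump(find_by_prefix($db, 1, 'a%', false));
```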