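To protect against SQL injection attacks, escape user-supplied values before putting them into a query (escaping is only effective inside a quoted string literal; a prepared statement with bound parameters is the more robust defence):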
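// 1. Bind the value as a parameter instead of escaping it into the SQL text.
//    mysql_real_escape_string() belongs to ext/mysql, which was deprecated in
//    PHP 5.5 and removed in PHP 7.0, so it is not available on current PHP.
//    $link is assumed to be an open mysqli connection created elsewhere.

// Accept only a plain string; an array-valued field (blahblah[]=...) is treated as empty.
$search_query = (isset($_POST['blahblah']) && is_string($_POST['blahblah'])) ? $_POST['blahblah'] : '';

// The "?" placeholder keeps the value out of the SQL syntax entirely, so no
// quoting or escaping of $search_query is needed (or wanted) here.
$query = "SELECT name, age FROM people WHERE uid = ? LIMIT 0 , 1";

$stmt = mysqli_prepare($link, $query);
if ($stmt === false) {
    // Log mysqli_error($link) server-side; do not echo database errors to the client.
    throw new RuntimeException('Could not prepare the people lookup.');
}
mysqli_stmt_bind_param($stmt, 's', $search_query);
mysqli_stmt_execute($stmt);
// Read the row from $stmt; $query holds a placeholder and must not be run directly.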
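// 2. Escaping with mysqli. The procedural mysqli_real_escape_string() takes the
//    connection as its first argument; called with the string alone it fails
//    (ArgumentCountError on PHP 8, a warning and a null result before that).
//    $link is assumed to be an open mysqli connection created elsewhere.
//
//    Escaping follows the connection's character set, so set it with
//    mysqli_set_charset($link, ...) rather than a "SET NAMES" query, which the
//    escaping function does not see.
$search_query = mysqli_real_escape_string($link, $_POST['code']);

// The escaped value is only safe inside the quotes below. Used unquoted (for
// example as a number, column name or ORDER BY term) escaping gives no
// protection; validate or bind the value as a parameter in those cases.
$sql = "select * from user where code='$search_query'";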