Select with LIKE and POST

Question

Select with LIKE and POST

Navigation

#1 by (3 votes)

2

Hello

I'm trying to use a LIKE in a SELECT, the data came via GET, but it does not work, what could be wrong?

$nome = $_GET['nome'];

$row=$db->prepare("SELECT * FROM cadastro WHERE nome LIKE '%$nome'%");

Thank you

php mysql

asked by anonymous 15.05.2017 / 14:07

1 answer

fill array to generate json javascript Create a list copy in Python so that they are independent

score 3 · Accepted Answer

Friend tries to use a filter on GET to avoid inject.

Try this:

$nome = addslashes(filter_input(INPUT_GET, 'nome', FILTER_SANITIZE_SPECIAL_CHARS));

$row=$db->prepare("SELECT * FROM cadastro WHERE nome LIKE '%$nome%'"); // Primeiro o %, depois a aspa simples

To facilitate, post the error that is returning in your php.