Select with LIKE and POST

2

Hello

I'm trying to use a LIKE in a SELECT, the data came via GET, but it does not work, what could be wrong?

$nome = $_GET['nome'];

$row=$db->prepare("SELECT * FROM cadastro WHERE nome LIKE '%$nome'%");

Thank you

    
asked by anonymous 15.05.2017 / 14:07

1 answer

3

Friend tries to use a filter on GET to avoid inject.

Try this:

$nome = addslashes(filter_input(INPUT_GET, 'nome', FILTER_SANITIZE_SPECIAL_CHARS));

$row=$db->prepare("SELECT * FROM cadastro WHERE nome LIKE '%$nome%'"); // Primeiro o %, depois a aspa simples

To facilitate, post the error that is returning in your php.

    
15.05.2017 / 14:12