2
Hello
I’m trying to use a LIKE in a SELECT, the data turned via GET, but it doesn’t work, which may be wrong ?
$nome = $_GET['nome'];
$row=$db->prepare("SELECT * FROM cadastro WHERE nome LIKE '%$nome'%");
Thank you
1 answer
3
Friend tries to use a filter on GET to avoid injecting.
Try it this way:
$nome = addslashes(filter_input(INPUT_GET, 'nome', FILTER_SANITIZE_SPECIAL_CHARS));
$row=$db->prepare("SELECT * FROM cadastro WHERE nome LIKE '%$nome%'"); // Primeiro o %, depois a aspa simples
To make it easier, post the error that is returning in your php.
-
Hello friend. There is no error on the screen or in the console of Google Chrome
-
Well you’re using the method
GETright. With it you have to pass the name through the URL, if you are going to use a form you have to use the methodPOST. -
Hello Hugo. Thank you, but it’s already solved.
-
Posed as solved the problem, because it can help other people.
-
+1 for the escape of special characters. The kids have to learn this early to stay in the blood.
-
I solved the problem, following Killerjack’s advice, I changed the position of the single quotes.
Browser other questions tagged php mysql
You are not signed in. Login or sign up in order to post.
Have you tried putting the last percent inside the single quotes?
– KillerJack
Now it worked. Thank you Killerjack
– abduzeedo