How can i configure to my query.
$query_event ="SELECT * FROM event_list WHERE even_title='$EventTitle' AND even_loc='$EventLocation' ";
now suppose there is form which requires either put title or put location in the form or u can put both and for blank too so what will be the query?
Please help
thanks
Create a starting query, then add on where clauses
$query_event = "Select * from event_list where 1";
if ( $EventTitle ) {
$query_event .= " and even_title='$EventTitle'";
}
if ( $event_loc ) {
$query_event .= " and even_loc='$EventLocation'";
}
If you pass your queries this way, you're going to be very vulnerable to SQL injection.
For example, if someone type "'; DELETE FROM EVENT_LIST"
as an Event title in a search screen, he can delete your whole table.
Use these advices to protect your datas : https://www.owasp.org/index.php/PHP_Top_5#P3:_SQL_Injection
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.