How to avoid SQL injection in a SQL query with the LIKE operator, for PHP and MySQL only? Can this be done using string functions?
Or can anybody tell me what I should do to prevent attacks of the LIKE % operator?
You can escape the string using mysql_real_escape_string and add the % wildcards afterwards.
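An added example, not part of the original answer: the same "escape first, add % afterwards" idea written with a PDO prepared statement. mysql_real_escape_string does not escape % or _, so the LIKE wildcards in the user's input are escaped separately here. The function names, the products table, the sample rows and the choice of ! as the escape character are assumptions made for illustration.

```php
<?php
// Added example: function names, table and sample rows are constructed.

// Escape LIKE metacharacters so the user's input is matched literally.
function escape_like(string $term, string $esc = '!'): string
{
    // Escape the escape character first, then the two LIKE wildcards.
    return str_replace(
        [$esc, '%', '_'],
        [$esc . $esc, $esc . '%', $esc . '_'],
        $term
    );
}

function search_products(PDO $pdo, string $term): array
{
    // The value is bound as a parameter, so it cannot change the SQL text.
    // The % wildcards are added after escaping, around the literal term.
    $stmt = $pdo->prepare(
        "SELECT name FROM products WHERE name LIKE ? ESCAPE '!' ORDER BY name"
    );
    $stmt->execute(['%' . escape_like($term) . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// In-memory SQLite keeps the demo offline (requires pdo_sqlite). For MySQL,
// use a 'mysql:host=...;dbname=...;charset=utf8mb4' DSN (placeholder) instead;
// the query and the escaping stay the same.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE products (name TEXT)');

$insert = $pdo->prepare('INSERT INTO products (name) VALUES (?)');
$rows = ['100% cotton', '100 percent wool', 'snake_case mug', "O'Reilly book"];
foreach ($rows as $name) {
    $insert->execute([$name]);
}

// Constructed inputs: a literal percent sign, a literal underscore,
// a bare wildcard, and a classic quote-based injection string.
foreach (['100%', '_', '%', "' OR '1'='1"] as $input) {
    echo "Search for [$input]:\n";
    print_r(search_products($pdo, $input));
}
```

Without escape_like, a search for % or _ would still be safe from injection because of the bound parameter, but it would match every row instead of rows containing that character.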