Finally I am migrating from sql to PDO, but I am a little bit confused about strings.
Here is my code, which works perfectly and is secured from SQL injection:
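// Connect via PDO (DSN keys written without spaces around "=")
$connect = new PDO("mysql:host=localhost;dbname=sqlitest", "root", "");
$catId = $_GET["Id"]; // Id = int, e.g. 1
// The placeholder keeps the value separate from the SQL text
$query = "select * from viewimage where ImageCategory = ?";
$result = $connect->prepare($query);
$result->execute(array($catId));
$result->setFetchMode(PDO::FETCH_ASSOC);
while ($fetch = $result->fetch()):
    // Escape the file name before writing it into the HTML attribute
    $img = htmlspecialchars($fetch["Image"], ENT_QUOTES);
    echo "<img src='img/event/$img' height='300px' width='300px'>";
endwhile;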
But when $catId = $_GET["Id"];
where Id is a string, e.g. ColorDay, and I try
localhost/test/view.php?id=ColorDay'
no image is displayed. In the above case, if I put
localhost/test/view.php?id=1'
the result is the same and it redirects to the same page containing the image. Which command should I use to be secured from 'No Image Result' with a string?
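
Added example (not part of the original post): with a bound placeholder, a value such as ColorDay' is compared as a literal string, so an empty result is the expected outcome rather than a sign of injection. The sketch validates the value first and handles the empty result explicitly. It assumes an in-memory SQLite database in place of the poster's MySQL one, constructed sample rows, and a hypothetical helper named imagesForCategory.

```php
<?php
// Added example, not the poster's code. Assumption: in-memory SQLite stands in
// for the MySQL database; the rows below are constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE viewimage (Image TEXT, ImageCategory TEXT)');
$pdo->exec("INSERT INTO viewimage VALUES ('a.jpg', 'ColorDay'), ('b.jpg', 'SportsDay')");

/**
 * Hypothetical helper: returns the image file names for a category,
 * or null when the value is not a well-formed category name.
 */
function imagesForCategory(PDO $pdo, $raw): ?array
{
    // Allow-list the shape of the value before it reaches the database.
    // Even without this check, the bound value "ColorDay'" would only be
    // compared as a literal string and would match no rows.
    if (!is_string($raw) || !preg_match('/^[A-Za-z0-9_]{1,64}$/', $raw)) {
        return null;
    }
    // The placeholder sends the value as data, never as SQL text.
    $stmt = $pdo->prepare('SELECT Image FROM viewimage WHERE ImageCategory = ?');
    $stmt->execute([$raw]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: a valid name, the same name with a trailing quote,
// and a well-formed name that has no rows.
foreach (['ColorDay', "ColorDay'", 'NoSuchDay'] as $input) {
    $images = imagesForCategory($pdo, $input);
    if ($images === null) {
        echo "$input: rejected (invalid category)\n";
    } elseif ($images === []) {
        echo "$input: no images in this category\n";
    } else {
        foreach ($images as $img) {
            // Escape the stored file name before placing it in the attribute.
            $safe = htmlspecialchars($img, ENT_QUOTES, 'UTF-8');
            echo "$input: <img src='img/event/$safe' height='300' width='300'>\n";
        }
    }
}
```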