
sql injection protection . using LIKE instead of =

By: shashi
Date: 2011-09-18
Time: 13:43

sql injection protection . using LIKE instead of =

Hi,

How do I ensure that there is SQL injection protection when using LIKE?
Example:

select a,b,c from table where (a=%1%) , $a  - is in the example
how do I rewrite if the query is something like
select a,b,c from table where a like 'a%' - to search for something starting with a .

an example like this is not working:

$query = "select a,b,c  from table where (a=%1%) and (b like '%2%') , $a, '$b%'";
$result = $a1db->GetRows($query);

Thanks,
Shashi

By: Skrol29
Date: 2011-09-18
Time: 20:53

Re: sql injection protection . using LIKE instead of =

Hi,

I guess your question is about TbsSQL.

Something like this should work:
$query = "select a,b,c  from table where (a=%1%) and (b like '%2%')";
$result = $a1db->GetRows($query, $a, $b.'%');

or:
$query = "select a,b,c  from table where (a=%1%) and (b like '%2%%')";
$result = $a1db->GetRows($query, $a, $b);
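
A caveat that applies to both forms above, shown as an added example that is not part of the thread or of TbsSQL: string escaping stops the value from breaking out of the SQL literal, but `%` and `_` inside the user's value still act as LIKE wildcards unless they are escaped separately and the query declares an `ESCAPE` character. The sketch assumes PDO with an in-memory SQLite database standing in for the TbsSQL connection; `like_escape`, `find_by_prefix` and the `items` table are hypothetical names, and the rows are constructed sample data.

```php
<?php
// Added example: treat user input in a LIKE prefix search as literal text.

/**
 * Escape LIKE metacharacters in $value.
 * '!' is the escape character (declared in SQL with ESCAPE '!'); it is chosen
 * instead of backslash so it cannot clash with string-literal escaping.
 * str_replace applies the pairs in order, so '!' is doubled first.
 */
function like_escape(string $value, string $esc = '!'): string
{
    return str_replace(
        [$esc, '%', '_'],
        [$esc . $esc, $esc . '%', $esc . '_'],
        $value
    );
}

/** Return all values of column b that start with the literal text $prefix. */
function find_by_prefix(PDO $db, string $prefix): array
{
    // The value is bound as a parameter (injection protection); the trailing
    // '%' is the only wildcard, and it is added by the code, not by the user.
    $stmt = $db->prepare("SELECT b FROM items WHERE b LIKE ? ESCAPE '!' ORDER BY b");
    $stmt->execute([like_escape($prefix) . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed sample data in an in-memory database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (b TEXT)');
$ins = $db->prepare('INSERT INTO items (b) VALUES (?)');
foreach (['apple', 'avocado', 'banana', '50% off', '50 cents'] as $row) {
    $ins->execute([$row]);
}

// Ordinary prefix search.
print_r(find_by_prefix($db, 'a'));
// Input that is itself a wildcard: matched as a literal '%' character,
// so it cannot be used to list every row.
print_r(find_by_prefix($db, '%'));
// Input containing a wildcard in the middle: '%' must appear in the row.
print_r(find_by_prefix($db, '50%'));
```

With the calls shown in the reply above, the same idea would mean passing `like_escape($b)` as the argument and adding `escape '!'` after the LIKE pattern in the query text; that combination is an assumption and has not been checked against TbsSQL.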