开发者

how can i configure/apply condition to my query to get the result?

问答 作者:

How can i configure to my query.

$query_event ="SELECT * FROM event_lis开发者_如何学Got WHERE even_title='$EventTitle' AND even_loc='$EventLocation' ";

now suppose there is form which requires either put title or put location in the form or u can put both and for blank too so what will be the query?

Please help

thanks

Create a starting query, then add on where clauses

$query_event = "Select * from event_list where 1";

if ( $EventTitle ) {
    $query_event .= " and even_title='$EventTitle'";
}

if ( $event_loc ) {
    $query_event .= " and even_loc='$EventLocation'";
}

If you pass your queries this way, you're going to be very vulnerable to SQL injection.

For example, if someone type "'; DELETE FROM EVENT_LIST" as an Event title in a search screen, he can delete your whole table.

Use these advices to protect your datas : https://www.owasp.org/index.php/PHP_Top_5#P3:_SQL_Injection

继续阅读:php

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9