Is this secure enough?
I'm new to PDO, and I just wanted to know if this code:
$string = $_POST['string'];
$matches = $SQL->prepare("SELECT * FROM `users` WHERE `name` LIKE ?");
$matches->execute(array('%'.$string.'%'));
foreach($matches->fetchAll() as $match) {
echo $match["name"]."<br/>";
}
Is secure enough? I just want to be sure and prevent hacking.
This code will retrieve all users from the database with a name like the one in the $string variable.
Feel free to post your solutions also!
PDO will automatically escape any input given to it before executing the query, so in terms of an SQL injection attack, it is safe.
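An added example, not part of the original question or answer: the same search with the bound parameter kept, the LIKE wildcards `%` and `_` in the user's input made literal, and each name HTML-escaped before it is echoed. The helpers `escapeLike` and `searchUsers`, the `!` escape character, the in-memory SQLite database and the sample rows are assumptions made for illustration.

```php
<?php
// Added example: in-memory SQLite stands in for the real database (assumption).
$SQL = new PDO('sqlite::memory:');
$SQL->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$SQL->exec('CREATE TABLE users (name TEXT)');

// Constructed sample rows, including one that contains HTML markup.
$insert = $SQL->prepare('INSERT INTO users (name) VALUES (?)');
foreach (['alice', 'bob_smith', '100%_real', '<b>mallory</b>'] as $name) {
    $insert->execute([$name]);
}

// Hypothetical helper: make %, _ and the escape character itself literal
// inside a LIKE pattern. The escape character is replaced first so the
// escapes added for % and _ are not doubled.
function escapeLike(string $value, string $esc = '!'): string
{
    return str_replace([$esc, '%', '_'], [$esc . $esc, $esc . '%', $esc . '_'], $value);
}

// Hypothetical helper: substring search that returns names ready for HTML output.
function searchUsers(PDO $db, string $input): array
{
    // The value is still bound as a parameter; ESCAPE names the escape character.
    $stmt = $db->prepare("SELECT name FROM users WHERE name LIKE ? ESCAPE '!'");
    $stmt->execute(['%' . escapeLike($input) . '%']);

    $out = [];
    foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $row) {
        // Escape on output so stored markup is displayed as text, not rendered.
        $out[] = htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8');
    }
    return $out;
}

// Constructed inputs standing in for $_POST['string'].
foreach (['_', '%', "' OR '1'='1", 'mallory'] as $input) {
    echo json_encode($input), ' => ', json_encode(searchUsers($SQL, $input)), PHP_EOL;
}
```

Without the escaping step, an input of `%` or `_` would match every row, because the bound value is still interpreted as a LIKE pattern by the database.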