fxuser Posted February 11, 2011

So I have this simple query running each time I write something in an input text via Ajax:

    $query = mysql_query("SELECT names FROM users WHERE names LIKE '$names%'");
    while($row = mysql_fetch_assoc($query)){
        echo $row['names'];
    }

The problem is that I can easily type %, <, ^ and whatever else multiple times and then get all the results... which is not what I want. How can I make it so that when the user types such symbols they don't get anything?

Thanks.

Jessica Posted February 11, 2011

Sanitize your user input. You could use str_replace or a regular expression.

fxuser (Author) Posted February 11, 2011

I'm using atm:

    $bad_symbols = array("%", "^", "<");
    $newvar = str_replace($bad_symbols, " ", $phrase);

but the last "<" doesn't seem to get replaced. How can I find out if there are other symbols too that can give me all the results, so I can replace them?

Thanks.

fenway Posted February 13, 2011

That's a PHP issue, now, isn't it?
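
An added example, not part of any post in this thread: one way to get the behaviour asked for in the first post, assuming PDO is available. In a MySQL LIKE pattern only % and _ are wildcards, so the sketch escapes those, binds the term as a parameter instead of interpolating it into the SQL string, and returns nothing for an empty term. The '!' escape character, the helper names, the sample rows and the in-memory SQLite database (used so the script runs offline) are assumptions; the same statement works against MySQL.

```php
<?php
// Added example, not code from the thread. Table and column names follow the
// first post; helper names, sample rows and the '!' escape are constructed.

/** Escape LIKE metacharacters so the term is matched literally. */
function escape_like(string $term, string $esc = '!'): string
{
    // Escape the escape character first, then the two LIKE wildcards.
    return str_replace(
        [$esc, '%', '_'],
        [$esc . $esc, $esc . '%', $esc . '_'],
        $term
    );
}

/** Return names starting with $term; wildcards in $term match only themselves. */
function find_names(PDO $db, string $term): array
{
    $term = trim($term);
    if ($term === '') {
        // An empty prefix would turn the pattern into '%' and match every row.
        return [];
    }
    // The term is bound as a parameter, so quotes in it cannot alter the SQL.
    $stmt = $db->prepare("SELECT names FROM users WHERE names LIKE ? ESCAPE '!'");
    $stmt->execute([escape_like($term) . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (names TEXT)');
$insert = $db->prepare('INSERT INTO users (names) VALUES (?)');
foreach (['alice', 'albert', 'bob', '100%_real', "o'neil"] as $name) {
    $insert->execute([$name]);
}

// Inputs from the thread (%, <) plus a few constructed edge cases.
foreach (['al', '%', '%%%', '_', '<', '100%', "o'", ''] as $input) {
    printf("%-8s => %s\n", var_export($input, true), json_encode(find_names($db, $input)));
}
```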
This topic is now archived and is closed to further replies.