
re: Add google-like search query to your website or Database

re: That's great! But do not do this in production 😬 You should always sanitize the user input and never ever use a query param in your SQL, as that's ...

What is not safe in the code?
The $_GET['regex'] value was bound through $stmt->execute().

There's no difference in safety between passing all the parameters as an array to execute, or using bindParam or bindValue.

I tried this simple injection and it doesn't work:
api.php?regex='or''='

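To make the point in this reply concrete, here is an added example (not code from the post or the article it replies to): an in-memory SQLite table stands in for whatever database the article targets, a REGEXP function is registered so the query has the same shape, and the same search is run once with the parameter array passed to execute() and once with bindValue(). The table, column names, rows and function names are all constructed for the example.

```php
<?php
// Added example, not the original post's code. SQLite in memory stands in for
// the real database; the table and rows below are constructed test data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// SQLite has no built-in REGEXP operator; PDO lets us supply one in PHP.
// SQLite calls it as regexp(pattern, value), hence the argument order.
$pdo->sqliteCreateFunction('regexp', function (string $pattern, ?string $value): int {
    if ($value === null) {
        return 0;
    }
    // An invalid pattern makes preg_match return false, which we treat as "no match".
    $delimited = '/' . str_replace('/', '\/', $pattern) . '/i';
    return @preg_match($delimited, $value) === 1 ? 1 : 0;
});

$pdo->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)');
$pdo->exec("INSERT INTO articles (title) VALUES ('Google-like search'), ('SQL injection basics'), ('PDO tips')");

// Style 1: parameters handed to execute() as an array.
function searchViaExecuteArray(PDO $pdo, string $regex): array {
    $stmt = $pdo->prepare('SELECT title FROM articles WHERE title REGEXP :regex');
    $stmt->execute([':regex' => $regex]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Style 2: the same query with bindValue(). Both paths hand the value to the
// driver as a parameter; it is never spliced into the SQL text.
function searchViaBindValue(PDO $pdo, string $regex): array {
    $stmt = $pdo->prepare('SELECT title FROM articles WHERE title REGEXP :regex');
    $stmt->bindValue(':regex', $regex, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: an ordinary search, then the probe string from this thread.
foreach (['search|tips', "'or''='"] as $input) {
    $a = searchViaExecuteArray($pdo, $input);
    $b = searchViaBindValue($pdo, $input);
    assert($a === $b); // both binding styles return identical rows
    printf("%-12s -> %s\n", var_export($input, true), json_encode($a));
}
```

The probe string reaches the database only as a regex pattern to match against titles, so its quote characters never change the structure of the statement, and the result is the same whichever binding style is used.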