DEV Community


Discussion on: Add google-like search query to your website or Database

Trinmar Boado Author • Edited

What is not safe in the code?
The $_GET['regex'] was bound through $stmt->execute().

There's no difference in safety between passing all the parameters as an array to execute, or using bindParam or bindValue.

I tried this simple injection and it doesn't work:
api.php?regex='or''='
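Added example (not the commenter's code and not the article's): the two PDO binding styles the comment refers to, both passing the regex pattern from $_GET as a bound parameter, next to the string-concatenation form that the quoted probe would actually affect. Assumed: a MySQL table `items` with a `name` column and a constructed DSN; adjust to your own schema.

```php
<?php
// Assumed connection details (constructed placeholders, not from the page).
$pdo = new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'user', 'password', [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    // Send real server-side prepared statements instead of client-side emulation,
    // so the parameter is never spliced into the SQL text at all.
    PDO::ATTR_EMULATE_PREPARES => false,
]);

// Style 1: bind by passing the parameter array to execute().
function searchByRegex(PDO $pdo, string $pattern): array
{
    $stmt = $pdo->prepare('SELECT id, name FROM items WHERE name REGEXP ?');
    $stmt->execute([$pattern]);           // $pattern travels as data, not SQL
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Style 2: bindValue() with an explicit type. From an injection standpoint this is
// equivalent to style 1; the difference is only explicitness and type control.
function searchByRegexBound(PDO $pdo, string $pattern): array
{
    $stmt = $pdo->prepare('SELECT id, name FROM items WHERE name REGEXP :pattern');
    $stmt->bindValue(':pattern', $pattern, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// The unsafe form, shown for contrast and deliberately left uncalled: here the value
// becomes part of the SQL text, so a quote in the input changes the query's structure.
function searchByRegexUnsafe(PDO $pdo, string $pattern): array
{
    $sql = "SELECT id, name FROM items WHERE name REGEXP '" . $pattern . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// With either bound style, the probe from the comment ('or''=) is just a regex pattern
// that matches nothing unusual, which is why the test above did not work.
$pattern = $_GET['regex'] ?? '';
$rows = searchByRegex($pdo, $pattern);
header('Content-Type: application/json');
echo json_encode($rows);
```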