This is the code that I was using in MySQL_ to pass in a variable from a search form. I am now using MySQLi_ and I wonder what would be the correct way to pass in the variable.
I currently have:
//Get the "Term" from the search box
$query=mysql_real_escape_string($_GET['query']);
$page_str = "SELECT * FROM $tblname WHERE name like '%$query%' or clan like '%$query%'";
$page_query = mysqli_query($con,$page_str)or die(mysql_error($con));
No, you should use mysqli_real_escape_string instead to make that work. As you will not have a mysql_* database connection open when you use mysqli, mysql_real_escape_string will not work.
However, I suggest you switch to prepared statements with bound variables, and then you don’t need that line at all.
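
The prepared-statement approach suggested in the answer, applied to the LIKE search from the question, as an added example that is not part of the original question or answer. The connection credentials, the table allow-list and the function name search_players are assumptions; only the name and clan columns come from the question.

```php
<?php
// Added example. Connection details and table names are placeholders.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

function search_players(mysqli $con, string $tblname, string $term): array
{
    // Table names cannot be bound as parameters, so $tblname is checked
    // against a fixed allow-list (hypothetical names) before interpolation.
    $allowed = ['players', 'members'];
    if (!in_array($tblname, $allowed, true)) {
        throw new InvalidArgumentException('Unknown table');
    }

    // Binding stops SQL injection, but % and _ are still LIKE wildcards.
    // Escape them (and the backslash escape character) so user input
    // matches literally, then add the surrounding wildcards ourselves.
    $pattern = '%' . addcslashes($term, '_%\\') . '%';

    $stmt = $con->prepare(
        "SELECT * FROM `$tblname` WHERE name LIKE ? OR clan LIKE ?"
    );
    $stmt->bind_param('ss', $pattern, $pattern); // two string parameters
    $stmt->execute();
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC); // needs mysqlnd
    $stmt->close();
    return $rows;
}

// Placeholder credentials, replace with your own.
$con = new mysqli('localhost', 'db_user', 'db_password', 'db_name');
$con->set_charset('utf8mb4');

// ?query[]=x would make this an array, so accept strings only.
$query = $_GET['query'] ?? '';
if (!is_string($query)) {
    $query = '';
}

foreach (search_players($con, 'players', $query) as $row) {
    // Encode on output so stored values cannot inject markup.
    echo htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8'), "\n";
}
```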