I want to prevent SQL injection and also want to use REGEXP to get similar results in the same query. I know I can prevent SQL injection like this:

 $this->getAdapter()->fetchAll("SELECT * FROM $this->_table WHERE email = ? ", array($email));

Now I have another query in which I am using REGEXP to get similar results on the basis of the first 3 and last three characters. My query looks like this:

$this->_adapter->fetchAll("SELECT country_name FROM $this->_name WHERE country_name REGEXP '^$front' OR country_name REGEXP '$end$'");

Putting ^ at the beginning while using REGEXP means you want to compare from the start, and using $ at the end means you want to compare from the end.

So now I want to ask: how can I write the above query to prevent SQL injection, as in the query above?

1 Answer

Try the following:

$query = "SELECT country_name
              FROM $this->_name
          WHERE country_name REGEXP ? OR
                country_name REGEXP ?";
$this->_adapter->fetchAll($query, array('^'.$front, $end.'$'));
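
Binding the pattern keeps the input out of the SQL text, but the bound value is still interpreted as a regular expression, so input such as `.*` changes what the query matches. The following is an added example, not code from the question or the answer, that escapes regex metacharacters before adding the anchors. It assumes the `pdo_sqlite` extension, uses an in-memory SQLite database with a `preg_match()`-based REGEXP function as a stand-in for MySQL, and the `countries` table, its rows, and the function names are constructed for illustration.

```php
<?php
// Added example. Assumptions: an in-memory SQLite database stands in for MySQL,
// and REGEXP is emulated with preg_match(); table and rows are constructed.

/** Backslash-escape regex metacharacters so user text matches literally. */
function escapeRegexLiteral(string $text): string
{
    return preg_replace('/[\\\\^$.|?*+()\[\]{}]/', '\\\\$0', $text);
}

/** Build the two bound values: anchors come from code, the rest is literal. */
function regexpParams(string $front, string $end): array
{
    if ($front === '' || $end === '') {
        throw new InvalidArgumentException('empty fragment would match every row');
    }
    return ['^' . escapeRegexLiteral($front), escapeRegexLiteral($end) . '$'];
}

function findCountries(PDO $db, array $params): array
{
    $stmt = $db->prepare(
        'SELECT country_name FROM countries
          WHERE country_name REGEXP ? OR country_name REGEXP ?
          ORDER BY country_name'
    );
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// SQLite evaluates "value REGEXP pattern" as regexp(pattern, value).
$db->sqliteCreateFunction('regexp', function ($pattern, $value) {
    return (int) preg_match('/' . str_replace('/', '\/', $pattern) . '/i', $value);
}, 2);
$db->exec('CREATE TABLE countries (country_name TEXT)');
$db->exec("INSERT INTO countries VALUES ('India'), ('Indonesia'), ('Cambodia'), ('Peru')");

// Ordinary input: prefix "Ind" or suffix "dia".
print_r(findCountries($db, regexpParams('Ind', 'dia')));
// SQL metacharacters are bound as data, so the quote cannot end the literal.
print_r(findCountries($db, regexpParams("x' OR '1'='1", "x' OR '1'='1")));
// Unescaped, ".*" is still a valid regex and matches every row.
print_r(findCountries($db, ['^.*', '.*$']));
// Escaped, the same input only matches a literal ".*".
print_r(findCountries($db, regexpParams('.*', '.*')));
```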