如何在此$查询中阻止SQL注入。
plz,在答案中显示完整的代码。
$query=explode(' ', $_POST['query']);
$con = @mysqli_connect('localhost', '', '', '37955_index');
if (!$con) {
echo "Error: " . mysqli_connect_error();
exit();
}
$sql = "SELECT * FROM `disk` WHERE ";
$a=0;
foreach ($query as $part){
$a++;
if ($a==1){
$sql .= " title like '%".$part."%'";
}
else{
$sql .= " and title like '%".$part."%'";
}
}
$result = mysqli_query($con, $sql);
while ($row = mysqli_fetch_array($result)){
}