I want to make below sql injection proof mysql query. It's rough outline is given below
<?php
$sizes=$_GET['sizes'];
$prices=$_GET['prices'];
$type=$_GET['type'];
//TYPE MAY BE 1 OR 1,2, OR NOTHING
// PRICE MAY BE RANGE 0-25, OR 0-25,25-50, OR NOTHING
// SIZE MAY BE 1, OR 1,2,3, OR NOTHING
$host = "";
$username = "";
$password = "";
$db = "";
// CONNECT TO DATABASE
$query = "SELECT * from zonez WHERE "
if(isset($_POST["zonesize"])){
$filter = //comma seperated string of values
$query .= " AND zonesize IN('".$filter."')";
}
if(isset($_POST["zoneprice"])){
$filter = //comma seperated string of values
$query .= " AND zoneprice IN('".$filter."')";
}
if(isset($_POST["zonetype"])){
$filter = //comma seperated string of values
$query .= " AND zonetype IN('".$filter."')";
}
AND GROUP THESE ABOVE RESULTS BY webname
fetchAll(PDO::FETCH_ASSOC); RESULTS HERE
FETCH wename here
?>
Code must be complete from connecting to database and producing required result along with sql injection proof.
Hello Sir,
We have expert web developer .someone have more than 5 year experience.
I read your requirement & we are able to complete your task on time.
I promise quick turnaround times, unlimited revisions, great customer service and 100% quality work.
please message me for more discussion about task.
Thank You
Nexis Infotech.
Hello Sir, I have read your job description regarding mysql query with filters.
I have 6+ year of experience in MySQL, PHP.
I have strong expertise to accomplish this project in decided time frame.
Lets discuss in detail so that we never skip basic thing during project implementation.
Thanks & Regards
HI, I AM A PHP PROGRAMMER AND WEB DEVELOPER. I HAVE A LOT OF EXPERIENCE IN PHP CODING
AND DIFFERENT KINDS OF SCRIPTING LANGUAGES. I HAVE DEVELOPED MANY DYNAMIC WEBSITES USING PHP AND MYSQL.
I CAN MAKE SURE WHAT YOU NEED. PLEASE SHARE FURTHER INFORMATION.
THANKS
Dear employer,
I have seen your specific requirement regarding the SQL and filters. I would like to offer my service for the same as I found this well within my capabilities.
I have a vast experience of about 10 plus years total in web development field as PHP my SQL and WordPress developer.
Further come on chat to discuss more regarding your requirement.
Thanks
Im professional with mysql and i can fix this code.
Your code will be complete from connecting to database and producing required result along with sql injection proof.