Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
L
L
LordPrimes2018-03-30 15:34:55
PHP
LordPrimes, 2018-03-30 15:34:55

How to fix the filter?

Hello, I wrote this code

$query = "SELECT * FROM products WHERE brand =  '".$_POST["category"]."' ";

   $brand = $_POST['category']; 
if (isset($brand)){
  
  $brandsdata =implode(",", $brand);
  $query .= " AND brand IN('$brandsdata')";

}
The essence of the problem is that $brandsdata does not matter made a vardump check
"SELECT * FROM products WHERE brand = 'Gigabyte' AND brand IN('')"
What is my mistake? The post is an array and the imploud should turn it into a string. But for some reason it does not.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
A
Andrey Nikolaev, 2018-03-30
@gromdron

Replace with And more:
Read about SQL Injection

Similar questions
H
Healis2022-01-16 18:03:19
How to apply a gradient to an image so that the gradient does not go beyond the edges? 2Reply
S
sergeybogevolny2015-04-06 21:36:50
Is there an example of interaction between bootstrap wizard form and php? 2Reply
A
Albert Zurabyan2016-06-24 14:55:21
How to hide some object ids from a site from a SQL query? 3Reply
Z
z6Dabrata2012-07-06 21:41:07
What is the best use for displaying datasets? 1Reply
A
Alexey Nikolaev2015-11-30 15:28:35
What is better to use when there is no difference in technical terms - static methods or class instances? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question