(feat): added sql injection prevention in search keyword

2025-12-20 03:29:35 +05:30 · 2023-12-10 19:00:39 +05:30
parent 2c51a048f6
commit 6a7e646df2
1 changed files with 3 additions and 2 deletions
--- a/htdocs/core/handle_search.php
+++ b/htdocs/core/handle_search.php
@@ -2,17 +2,18 @@
 require '../../connection.php';
 require 'query_functions.php';

-function input_filter($data){
+function input_filter($conn, $data){
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
+    $data = mysqli_real_escape_string($conn, $data);
    return $data;
 }

 if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (isset($_POST['keyword'])) {
        $keyword = $_POST['keyword'];
-        $keyword = input_filter($keyword);
+        $keyword = input_filter($conn, $keyword);
        $results_array = [
            $results_projects = fetch_search_results_projects($conn, $keyword),
            $results_socials = fetch_search_results_socials($conn, $keyword),