please see the below code this works fine with mysqli method but prone to sql injection so i want to use prepare but for LIKE i cant use it
$t=strtolower($_POST['e']);
$search_exploded = explode ( " ", $t );
$construct = '';
foreach( $search_exploded as $search_each ) {
$construct .="AND title LIKE ? ";
}
$query=$conn->prepare( "SELECT * FROM vdo WHERE 1 $construct ");
$query->execute(["%$search_each%"]);
$found=$query->rowCount();
if($found == 0){
echo "NO Result Found";
}else{
while($row_id1=$query->fetch(PDO::FETCH_ASSOC)){
echo $title=$row_id1['title'];
}
What I have tried:
please see the below code this works fine with mysqli method but prone to sql injection so i want to use prepare but for LIKE i cant use it