Secure Search



#ID Title Author

Query Executed:


          

PHP Code:

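// Search handler: builds a SELECT against `books` from the `all`, `title` and
// `author` query-string parameters, runs it on $connection and prints one HTML
// table row per result.

// Start from a known state so the check further down never reads an
// undefined variable when no search parameter was supplied.
$query = null;

// Request parameters are untrusted. A missing key or a non-string value
// (e.g. ?title[]=x arrives as an array) is normalised to an empty string so
// the escaping call below always receives a string.
$all    = $_GET['all'] ?? null;
$title  = (isset($_GET['title']) && is_string($_GET['title'])) ? $_GET['title'] : '';
$author = (isset($_GET['author']) && is_string($_GET['author'])) ? $_GET['author'] : '';

// Loose comparison kept on purpose: the query string delivers "1" as a string.
if ($all == 1) {
    $query = "SELECT * FROM books;";
} elseif ($title !== '' || $author !== '') {
    // Compared against '' rather than tested for truthiness, so a search for
    // the literal title or author "0" is not silently dropped.
    //
    // mysqli_real_escape_string() protects this statement only because both
    // values are placed inside single-quoted literals, and it escapes according
    // to the connection character set. NOTE(review): confirm that the code
    // opening $connection calls mysqli_set_charset(); it is not visible here.
    // A prepared statement with bound parameters would remove the dependency
    // on escaping altogether and is the preferred form for new code.
    $query = sprintf(
        "SELECT * FROM books WHERE title = '%s' OR author = '%s';",
        mysqli_real_escape_string($connection, $title),
        mysqli_real_escape_string($connection, $author)
    );
}

if ($query !== null) {
    $result = mysqli_query($connection, $query);

    if ($result === false) {
        // Keep database error text out of the response; record it server-side.
        error_log('Book search query failed: ' . mysqli_error($connection));
    } else {
        while (($row = mysqli_fetch_row($result)) !== null) {
            // Escaping the SQL input does not make stored values safe for HTML:
            // encode every column on output so markup held in the table is
            // displayed as text instead of being interpreted by the browser.
            printf(
                "<tr><td>%s</td><td>%s</td><td>%s</td></tr>",
                htmlspecialchars((string) $row[0], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'),
                htmlspecialchars((string) $row[1], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'),
                htmlspecialchars((string) $row[2], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
            );
        }

        mysqli_free_result($result);
    }
}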