I'm using PDO to prepare queries, but when I put # or -- (SQL comments) it still works (I know PDO won't disable it). How do I make it stop? These comments break my whole code. (I want to allow them to be used but stop the breaking.)
E.g.:
SELECT * FROM something WHERE var=:var AND value=:value
I just put # and this happens:
SELECT * FROM something WHERE var=:var# AND value=:value
It will only check for var/:var
(Assume :var was user input using #)
:varnuminstead of using characters that will break the query?
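
The difference between a comment marker in the SQL text and one inside a bound value, as an added example that is not part of the original post. It assumes an in-memory SQLite database with constructed rows and hypothetical helper names (`findConcatenated`, `findBound`), and uses `--` because SQLite does not treat `#` as a comment the way MySQL does:

```php
<?php
// Added example with constructed data; SQLite in memory stands in for the real database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE something (var TEXT, value TEXT)');

// Constructed rows: two ordinary ones and one whose var contains a quote and "--".
$insert = $pdo->prepare('INSERT INTO something (var, value) VALUES (:var, :value)');
foreach ([['a', 'x'], ['a', 'y'], ["a' --", 'x']] as [$v, $val]) {
    $insert->execute([':var' => $v, ':value' => $val]);
}

// Before: input is pasted into the SQL text, so the parser sees the comment marker.
function findConcatenated(PDO $pdo, string $var, string $value): array
{
    $sql = "SELECT var, value FROM something WHERE var='$var' AND value='$value'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// After: the SQL text is fixed; input travels as bound values and is never parsed as SQL.
function findBound(PDO $pdo, string $var, string $value): array
{
    $stmt = $pdo->prepare(
        'SELECT var, value FROM something WHERE var = :var AND value = :value'
    );
    $stmt->execute([':var' => $var, ':value' => $value]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$input = "a' --"; // constructed user input containing a comment marker

// Concatenated: the statement text becomes  ... WHERE var='a' --' AND value='x'
// and everything after "--" is ignored, so the value condition is lost.
print_r(findConcatenated($pdo, $input, 'x'));

// Bound: the whole string, quote and "--" included, is compared as data,
// and the value condition still applies.
print_r(findBound($pdo, $input, 'x'));
```

A comment marker only shortens the query when it is part of the SQL string passed to `prepare()` or `query()`; inside a value handed to `execute()` it is ordinary data.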