<?php
/*
 * Demonstrates a keyword-blacklist reaction to SQL-looking search input.
 *
 * When the search text contains one of the listed SQL keywords, every keyword
 * in the query TEMPLATE (not in the search text) gets "JERRY" appended, so the
 * printed statement is no longer valid SQL. The search text itself is inserted
 * into the quoted LIKE literal unchanged and unescaped.
 *
 * NOTE(review): this is not an injection defense.
 *  - Input that lacks the listed keywords is interpolated as-is, so the quote
 *    in the value still terminates the string literal.
 *  - The match is case-insensitive on whole words, so an ordinary search that
 *    contains "and", "or" or "on" also breaks the query (false positive).
 * If this statement is ever executed rather than printed, bind the LIKE value
 * as a parameter of a prepared statement instead of formatting it into the
 * SQL text.
 */

// Sample search value used as the test input.
$search = 'a\' UNION (SELECT 1, fname, username, password FROM users);--';

// printf template: "%%" prints a literal "%", "%s" receives the search text.
$queryTemplate = 'SELECT * FROM shopping WHERE title LIKE \'%%%s%%\'';

// Whole-word, case-insensitive alternation over the blacklisted keywords.
$sqlKeywords = ["SELECT", "FROM", "WHERE", "LIKE", "AND", "OR", "ON", "UNION", "JOIN"];
$keywordRegex = sprintf('/\b(%s)\b/i', implode('|', $sqlKeywords));

// Mangle the template only when the search text trips the blacklist.
$query = preg_match($keywordRegex, $search)
    ? preg_replace($keywordRegex, '$1JERRY', $queryTemplate)
    : $queryTemplate;

// Output only; nothing is sent to a database here.
printf($query, $search);