As questioned above how can I prevent sql injection by third party if my query for JQuery autocomplete using ajax.
Ajax call:
$result = mysql_query("SELECT patient_name FROM patient where patient_sex like '%Female%' and patient_name LIKE '%".strtoupper($len)."%'");
$data = array();
while ($row = mysql_fetch_array($result)) {
array_push($data, $row['patient_name']);
}
echo json_encode($data);
