<?php
if(!empty($_POST['code'])){
    $code = strtoupper($code);
    $param[':code'] = $_POST['code'];
    $sql .= 'AND `code` = :code';
}
?>

strtoupper isn't working. Why? Any advice?

Justin
  • You need to define `$code` first. You can't `strtoupper()` what doesn't exist. – Funk Forty Niner Apr 15 '17 at 21:04
  • You're not using the result. `$code = strtoupper($code)` but after that you're using the original `$_POST['code']`, which is still lowercase. – rickdenhaan Apr 15 '17 at 21:06
  • Here `if(!empty($_POST['code'])){ $code = $_POST['code']; $code = strtoupper($code);` *give that a whirl* – Funk Forty Niner Apr 15 '17 at 21:08
  • and if that fails ^ then your POST array failed/html form and/or something else you didn't share – Funk Forty Niner Apr 15 '17 at 21:09
  • Are you building a SQL statement here? If so, this is not a secure way to do it - you may introduce a SQL injection vulnerability. – halfer Apr 15 '17 at 21:09
  • Not working.. people don't give me that - sign.. I have searched for an answer and don't find it, that's why I asked here... – Justin Apr 15 '17 at 21:41
  • @halfer take a close look, it's the secure way, as it's my code, I'm building the parameter array for the prepared statement cf http://stackoverflow.com/a/43381191/5546267 – Blag Apr 15 '17 at 23:30
  • Ooh, nice work @Blag - bound parameters! – halfer Apr 15 '17 at 23:35

2 Answers


You need to sanitize this, as it appears you are trying to build a SQL query.

However, try something like this...

<?php
if(!empty($_POST['code'])){
    // $code must be taken from the POST value; in the question it was never assigned
    $code = strtoupper($_POST['code']);
    // Concatenating $code straight into the SQL text is what halfer's comment warns
    // about: the value belongs in the $param[':code'] placeholder of the prepared statement
    $sql .= 'AND `code` = ' . $code;
}
?>
Keith Connolly

$code is useless, just use $_POST

if(!empty($_POST['code'])){
    // uppercase the value that is actually bound, not a separate unused variable
    $param[':code'] = strtoupper($_POST['code']);
    $sql .= 'AND `code` = :code';
}
Blag
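The complete flow Blag's answer relies on, as an added example that is not code from the question or either answer: the `$sql`/`$param` pair is fed to a PDO prepared statement, here against an in-memory SQLite table so it runs offline. It assumes the pdo_sqlite extension; the table, rows, `buildQuery`/`findItems` helpers and the simulated form input are constructed for this example.

```php
<?php
// Added example (not the question's or the answers' code): PDO with an
// in-memory SQLite table; table, rows and form input are constructed here.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, code TEXT, active INTEGER)');
$pdo->exec("INSERT INTO items (code, active) VALUES ('ABC', 1), ('XYZ', 1), ('ABC', 0)");

// Build the WHERE clause the way the question does: every user-supplied value
// goes into $param and is referenced by a placeholder, never pasted into $sql.
// (The question's bug: $code was never assigned, so strtoupper($code) ran on an
// undefined variable while the untouched lowercase $_POST value got bound.)
function buildQuery(array $post): array {
    $sql = 'SELECT id, code FROM `items` WHERE `active` = 1 ';
    $param = [];
    if (!empty($post['code'])) {
        $param[':code'] = strtoupper($post['code']); // transform the value that is used
        $sql .= 'AND `code` = :code';
    }
    return [$sql, $param];
}

function findItems(PDO $pdo, array $post): array {
    [$sql, $param] = buildQuery($post);
    $stmt = $pdo->prepare($sql);
    $stmt->execute($param); // values travel separately from the SQL text
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Simulated $_POST (constructed): lowercase input matches row 1 after strtoupper;
// row 3 has the same code but is inactive.
print_r(findItems($pdo, ['code' => 'abc']));

// Input containing a quote is compared literally and simply matches no row.
print_r(findItems($pdo, ['code' => "ab'c"]));

// Contrast: the string the first answer would hand to the database for the same
// input. The quote lands inside the SQL text, so the statement is malformed and
// other input could change its meaning; this is the injection halfer warned about.
echo 'SELECT ... AND `code` = ' . strtoupper("ab'c") . PHP_EOL;
```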