I know this question must have been asked many times.
But I just want to know if this code can protect me from an SQL injection attack, as the percent sign is quoted in single quotes. I am just worried about any possible attack.
Can someone throw more light on this LIKE query, or is there any other better way? Thanks.
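$s = $_POST['data'];
include 'pdo.php'; // provides the PDO connection used below as $db
// Named placeholders keep the user input out of the SQL text; the % wildcards are added to the bound values
$stmt = $db->prepare('SELECT * FROM users where name like :name OR country like :country limit 6');
$stmt->execute(array(
    ':name' => '%'.$s.'%',
    ':country' => '%'.$s.'%'
));
while ($row = $stmt->fetch()) {
    //
}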
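
Added example, not part of the original post: the same two-column LIKE search run against a constructed in-memory SQLite table, showing that a bound value is treated as data even when it contains a quote, and that `%` and `_` inside the search term still act as LIKE wildcards unless they are escaped. The helper names `likeContains` and `search`, the `!` escape character and the sample rows are assumptions made for the illustration; it needs the `pdo_sqlite` extension.

```php
<?php
// Constructed sample data standing in for the post's `users` table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (name TEXT, country TEXT)');
$ins = $db->prepare('INSERT INTO users (name, country) VALUES (?, ?)');
foreach ([['alice', 'Kenya'], ['bob_x', 'Ghana'], ['carol', 'Peru'], ["o'neil", 'Chile']] as $row) {
    $ins->execute($row);
}

// Hypothetical helper: escape the LIKE metacharacters (and the escape
// character itself) so the term is matched literally, then wrap it in %...%.
function likeContains(string $term, string $esc = '!'): string
{
    $escaped = str_replace(
        [$esc, '%', '_'],
        [$esc . $esc, $esc . '%', $esc . '_'],
        $term
    );
    return '%' . $escaped . '%';
}

// Hypothetical wrapper around the post's query, with an ESCAPE clause added.
function search(PDO $db, string $term, bool $escape): array
{
    $pattern = $escape ? likeContains($term) : '%' . $term . '%';
    $stmt = $db->prepare(
        "SELECT name FROM users
         WHERE name LIKE :name ESCAPE '!' OR country LIKE :country ESCAPE '!'
         LIMIT 6"
    );
    $stmt->execute([':name' => $pattern, ':country' => $pattern]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: a quote-bearing string, bare wildcards, and a name with a quote.
$cases = [
    ["' OR 1=1 --", false], // bound as data, so it is only compared as text
    ['%', false],           // unescaped wildcard matches every row
    ['%', true],            // escaped: matches only a literal percent sign
    ['_', false],           // unescaped: matches any row with one character
    ['_', true],            // escaped: matches only a literal underscore
    ["o'n", true],          // a quote in the term needs no special handling
];
foreach ($cases as [$term, $escape]) {
    echo json_encode([$term, $escape]), ' => ', json_encode(search($db, $term, $escape)), PHP_EOL;
}
```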