Trying to sanitize the following SQL query to prevent injection
$keyword = $_POST['keyword'];
$query = mysqli_query($conn, "SELECT p.name AS productname, p.manufacturer, p.productid, p.sku AS productsku, p.ean, p.weight, p.categories, s.name AS stockname, s.sku AS stocksku, s.qty, s.sellprice, s.costprice, d.distyname, d.lastupdated, m.image FROM stock s LEFT OUTER JOIN products p ON p.productid = s.prodid INNER JOIN distributor d ON d.distyid = s.distributorid LEFT OUTER JOIN media m ON s.sku = m.sku WHERE s.sku LIKE '%$keyword%' ORDER BY `stocksku`");
while($fetch = mysqli_fetch_array($query)){
Have tried the following but it will only display the result correctly if the SKU 100% matches, whereas the original query will shows similar matches too
$query = 'SELECT p.name AS productname, p.manufacturer, p.productid, p.sku AS productsku, p.ean, p.weight, p.categories, s.name AS stockname, s.sku AS stocksku, s.qty, s.sellprice, s.costprice, d.distyname, d.lastupdated, m.image FROM stock s LEFT OUTER JOIN products p ON p.productid = s.prodid INNER JOIN distributor d ON d.distyid = s.distributorid LEFT OUTER JOIN media m ON s.sku = m.sku WHERE s.sku LIKE ? ORDER BY `stocksku`';
$stmt = $conn->prepare($query);
$stmt->bind_param('s', $keyword);
$stmt->execute();
$result = $stmt->get_result();
$fetch = $result->fetch_assoc()
Can anyone advise where i'm going wrong? Thanks
