How Can i Convert Below mysql script to mysqli or pdo?

<>

This question already has an answer here:

Answers


First of all avoid using mysql_* these functions are deprecated, Your code is vulnrable to SQL Injection, Let say I am a user and if I put %';# in input then your query will return me all result regardless of what conditions you have applied to filter out results,

To avoid SQL Injection you should either sanitize all user inputs using mysqli_real_escape_string before putting it in your query or use PDO Prepared Statements

UPDATE

$k = $_GET["q"];
$con = mysql_connect("localhost", "root", "");
mysql_select_db("x");
$terms=explode(" ",$k);
$i=0;
$set_limit = ("9");
$subi = "";
foreach ($terms as $each) 

{
    $i++;
    $escapedSearchString = mysql_real_escape_string($each);
    if ($i == 1 )
        $subi.= " title LIKE '%$escapedSearchString%' ";
    else
        $subi.= " AND title LIKE '%$escapedSearchString%' ";

    } 
$query = "select SQL_CALC_FOUND_ROWS * from table WHERE $subi order by   rand() limit $set_limit";

$qry = mysql_query("$query");

$row_object = mysql_query("Select Found_Rows() as rowcount");
$row_object = mysql_fetch_object($row_object);
$actual_row_count = $row_object->rowcount;
$result = $actual_row_count;

Using mysqli_*

$k = $_GET["q"];
$con = mysqli_connect("localhost", "root", "");
mysqli_select_db($con,"x");
$terms=explode(" ",$k);
$i=0;
$set_limit = ("9");
$subi = "";
foreach ($terms as $each) 

{
    $i++;
    $escapedSearchString = mysqli_real_escape_string($con,$each);
    if ($i == 1 )
        $subi.= " title LIKE '%$escapedSearchString%' ";
    else
        $subi.= " AND title LIKE '%$escapedSearchString%' ";

    } 
$query = "select SQL_CALC_FOUND_ROWS * from table WHERE $subi order by   rand() limit $set_limit";

$qry = mysqli_query($con,"$query");

$row_object = mysqli_query($con,"Select Found_Rows() as rowcount");
$row_object = mysqli_fetch_object($row_object);
$actual_row_count = $row_object->rowcount;
$result = $actual_row_count;

Need Your Help

Agnostic automated deployment

java python ruby deployment

What do you use to automatically deploy applications for various kinds of server applications (web, socket, daemon) that uses various technologies (different DBs, languages, etc)?

How to create button with rails that add input fields with javascript

javascript jquery ruby-on-rails button

What is the best practice to create a button with a rails form_helper that will generate through Javascript/JQuery new input fields ?