Error in the database query to avoid an injection sql php

Navigation
1

I'm trying to avoid SQL injection. I have the problem when executing the query.

By clicking on the "search" button on the form, enter conditional if ($ok = "false") and display as% "Error al ejecutar la consulta" .

I have already verified the fields in the database and it seems that everything is fine and should skip that condition and enter else .

Here I leave the fields of the database: 

CODART, SECCION, NOMBREARTICULO, PRECIO, FECHA, IMPORTADO, PAISDEORIGEN

And here I leave my code: 

<?php 
$db_host = "localhost"; 
$db_nombre = "db_prueba"; 
$db_usuario = "root"; 
$db_pass = ""; 

$busqueda = $_GET["buscar"]; 

$conexion = mysqli_connect($db_host, $db_usuario, $db_pass) or die ("No se pudo conectar" . mysqli_error($conexion)); 
mysqli_select_db($conexion, $db_nombre) or die ("No se pudo conectar a la base de datos");
mysqli_set_charset($conexion, "utf8"); 

$query = "SELECT CODART, SECCION, PRECIO, PAISDEORIGEN FROM PRODUCTOS WHERE PAISDEORIGEN = ?"; 
$result = mysqli_prepare($conexion, $query); 
$ok = mysqli_stmt_bind_param($result, "s", $busqueda); 
$ok = mysqli_stmt_execute($result); 

if ($ok == "false"){ 
    echo "Error al ejecutar la consulta";
} else { 
    $ok = mysqli_stmt_bind_result($result, $codart, $seccion, $precio, $pais);
    echo "<h2>Articulos encontrados: </h2>"; 

    while (mysqli_stmt_fetch($result)){
        echo $codart. " ". $seccion. " ". $precio. " ". $pais. "<br>";
    } 
    mysqli_stmt_close($result); 
}
?>
    
asked by Kendryj95 01.11.2016 в 05:03
source

1 answer

0

mysqli-stmt.execute returns a Boolean value 1 ó 0 , change your if 

if ($ok){ 
   $ok = mysqli_stmt_bind_result($result, $codart, $seccion, $precio, $pais);
   /* Demás líneas */
  }
  else
  {  
  echo "Error al ejecutar la consulta";  
  }
}
    
answered by 01.11.2016 в 05:30
How to show the main image when sharing on Facebook with Laravel Arrayadapter and android fragment