I'm using PDO to prepare queries, but when I put # or -- (SQL comments) in, it still works (I know PDO won't disable it). How do I make it stop? These comments break my whole code. (I want to allow them but stop them from breaking things.)
E.g.: SELECT * FROM something WHERE var=:var AND value=:value
I just put # in and this happens: SELECT * FROM something WHERE var=:var# AND value=:value
It will only check for var/:var.
(Assume :var was user input containing #.)
Enclose your variables in single quotes:
SELECT * FROM something WHERE var=':var#' AND value=':value'
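Added example, not code from the question or the answer: it runs the three query shapes discussed above (user input pasted into the SQL text, a prepared statement with named placeholders, and placeholders wrapped in single quotes) against a small constructed table, so you can see what each one does with a comment marker in the input. It uses Python's sqlite3 module rather than PHP's PDO because the verifier runs Python; the named-placeholder binding is the same mechanism PDO uses for :var and :value. SQLite only recognises -- as a comment (MySQL also accepts #), so the sample input uses --. Table name, column names and row contents are made up for the demonstration.

```python
import sqlite3

# Constructed sample data: three rows so the query styles give distinguishable results.
ROWS = [("a", "1"), ("a", "2"), ("b", "1")]


def make_db():
    """Create an in-memory SQLite database with the sample table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE something (var TEXT, value TEXT)")
    conn.executemany("INSERT INTO something VALUES (?, ?)", ROWS)
    return conn


def query_interpolated(conn, var, value):
    """Vulnerable form: user input is spliced into the SQL text.

    A value such as "a' -- " closes the quote and comments out the rest of the
    statement, so the AND value=... condition is never evaluated.
    """
    sql = f"SELECT * FROM something WHERE var='{var}' AND value='{value}'"
    return conn.execute(sql).fetchall()


def query_bound(conn, var, value):
    """Prepared statement with named placeholders (what PDO does with :var/:value).

    The SQL text is parsed before the values are supplied, so a comment marker
    inside a bound value is just characters to compare against; it cannot change
    the statement's structure.
    """
    sql = "SELECT * FROM something WHERE var=:var AND value=:value"
    return conn.execute(sql, {"var": var, "value": value}).fetchall()


def query_quoted_placeholder(conn, var, value):
    """Placeholders inside quotes are string literals, not parameters.

    The database compares the columns against the literal text ':var' and
    ':value'; the supplied var/value arguments are never used at all.
    """
    sql = "SELECT * FROM something WHERE var=':var' AND value=':value'"
    return conn.execute(sql).fetchall()


if __name__ == "__main__":
    db = make_db()
    hostile = "a' -- "  # constructed input: closes the quote, then starts a comment
    print("interpolated:", query_interpolated(db, hostile, "1"))   # both 'a' rows
    print("bound:       ", query_bound(db, hostile, "1"))          # no row matches
    print("bound, clean:", query_bound(db, "a", "1"))              # the one real match
    print("quoted:      ", query_quoted_placeholder(db, "a", "1"))  # nothing matches
```

If you want the literal characters # or -- stored or searched for, bind them as a parameter and they are treated as data; the only way a comment marker can truncate the statement is when the value has been concatenated into the SQL string before it is prepared.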