Home > Software engineering >  How can I modify the code to avoid SQL-injection attack?
How can I modify the code to avoid SQL-injection attack?

Time:08-24

I need to implement a fuzzy search for two fields, businessName and businessAddress. Both of them can be null. If one field is null, search should be based on the other field.

To be specific,

  • if businessName="name" and businessAddress="address" then execute select * from business where businessName like '%name%' and businessAddress like '
  • Related