Kod
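// Build the film search query: one row per film plus its comment count
// (il_kom), keeping films whose title OR author name contains the search text.
//
// The search text is untrusted and is escaped in two layers, in this order:
//   1. addcslashes() backslash-escapes the LIKE metacharacters (\, % and _),
//      so the input is matched literally and cannot widen the pattern.
//   2. mysql_real_escape_string() then makes the result safe inside the
//      single-quoted SQL literal.
// NOTE(review): mysql_real_escape_string() only protects values placed inside
// quotes, and only when the connection charset was set with
// mysql_set_charset(); the mysql_* extension no longer exists in PHP 7+.
// A PDO or mysqli prepared statement with a bound parameter is the sturdier
// fix. DB_PREFIX is assumed to be a fixed configuration constant, never
// request data; confirm this.
$szukany_wzorzec = mysql_real_escape_string(addcslashes($szukany_tekst, '\\%_'));

$sql = "SELECT
f.id,
f.title,
f.kategoria,
f.miniaturka,
f.id_autor,
f.name_autor,
f.dodano,
f.wyswietlen,
f.ocena,
f.ile,
COUNT(lp) AS il_kom FROM ".DB_PREFIX."films AS f
LEFT JOIN ".DB_PREFIX."komentarze AS k ON (k.id = f.id)
WHERE (f.title LIKE '%".$szukany_wzorzec."%' OR f.name_autor LIKE '%".$szukany_wzorzec."%')
GROUP BY f.id ORDER BY f.dodano";
// Why the WHERE clause changed: "title OR name_autor LIKE ..." parses as
// "title OR (name_autor LIKE ...)", so the title was evaluated as a boolean
// and never compared with the search text. Each column needs its own LIKE.
// NOTE(review): lp is presumably a column of komentarze, and komentarze.id
// presumably holds the film id; verify both against the schema.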
".DB_PREFIX."films.id,
".DB_PREFIX."films.title,
".DB_PREFIX."films.kategoria,
".DB_PREFIX."films.miniaturka,
".DB_PREFIX."films.id_autor,
".DB_PREFIX."films.name_autor,
".DB_PREFIX."films.dodano,
".DB_PREFIX."films.wyswietlen,
".DB_PREFIX."films.ocena,
".DB_PREFIX."films.ile,
COUNT(lp) AS il_kom FROM ".DB_PREFIX."films
LEFT JOIN ".DB_PREFIX."komentarze ON (".DB_PREFIX."komentarze.id=".DB_PREFIX."films.id)
WHERE ".DB_PREFIX."films.title or ".DB_PREFIX."films.name_autor LIKE '%".mysql_real_escape_string($szukany_tekst)."%'
GROUP BY ".DB_PREFIX."films.id ORDER BY ".DB_PREFIX."films.dodano";
Czy jest bezpieczne?
