In my PHP project I use the code below:
```php
$all_text_filter = '';
if(isset($_REQUEST['q'])) {
    if($_REQUEST['q'] != '') {
        $all_text_filter = $_REQUEST['q'];
        $all_text_filter = ' AND (r.recipe_name LIKE "%'.$all_text_filter.'%")';
    }
}
```

```php
$all_text_filter = '';
if (isset($_REQUEST['q']) && $_REQUEST['q'] != '') {
    $search_terms = explode(' ', $_REQUEST['q']);
    $text_conditions = [];
    foreach ($search_terms as $term) {
        $term = trim($term);
        if (!empty($term)) {
            $text_conditions[] = '(r.recipe_name LIKE "%' . $term . '%" OR ri.ingredient_name IS NOT NULL AND ri.ingredient_name LIKE "%' . $term . '%")';
        }
    }
    if (!empty($text_conditions)) {
        $all_text_filter = ' AND (' . implode(' OR ', $text_conditions) . ')';
    }
}
```
How can I secure the code against MySQL injection and prevent users from entering malicious code in the input field?
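One way to build the same multi-term filter with bound parameters instead of string concatenation, added here as an example that is not part of the original post. The function name `build_text_filter`, the `!` escape character, the sample input and the `$pdo` connection in the closing comment are assumptions; the aliases `r` and `ri` come from the question.

```php
<?php
/**
 * Returns [sql_fragment, params] for a space-separated search string.
 * The fragment contains only "?" placeholders; every search term travels
 * in $params and is bound by the driver, never spliced into the SQL text.
 */
function build_text_filter(string $q): array
{
    $conditions = [];
    $params = [];
    // Split on any run of whitespace and drop empty pieces.
    $terms = preg_split('/\s+/', trim($q), -1, PREG_SPLIT_NO_EMPTY);
    foreach ($terms as $term) {
        // Escape LIKE wildcards so "%" and "_" typed by the user match
        // literally. "!" is declared as the escape character in the SQL,
        // and is itself doubled first so the later replacements stay intact.
        $like = '%' . str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $term) . '%';
        $conditions[] = "(r.recipe_name LIKE ? ESCAPE '!'"
            . " OR ri.ingredient_name IS NOT NULL AND ri.ingredient_name LIKE ? ESCAPE '!')";
        // One bound value per placeholder, in order.
        $params[] = $like;
        $params[] = $like;
    }
    if (!$conditions) {
        return ['', []];
    }
    return [' AND (' . implode(' OR ', $conditions) . ')', $params];
}

// Constructed input standing in for $_REQUEST['q'].
[$filter, $params] = build_text_filter('tomato  50%_off "quoted"');
echo $filter, PHP_EOL;   // SQL text: placeholders only, no user data
print_r($params);        // the values the driver will bind

// With a PDO connection (hypothetical $pdo; the base query is a placeholder):
// $stmt = $pdo->prepare('SELECT ... WHERE 1=1' . $filter);
// $stmt->execute($params);
```

Quotes in the input arrive as data in a bound parameter, so they cannot close the string literal the way they do in the concatenated version. Escaping the output with `htmlspecialchars()` when the search term is echoed back to the page is a separate step from this query-side fix.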