Sanitizing Query

[irfannaseefp]

When i use rawQuery function with some comparison operators like > , >= etc, it is getting removed because of the FILTER_SANITIZE_STRING filtering.

Eg:$results = $db->rawQuery("SELECT * FROM locations WHERE MIN_IP<= ? AND MAX_IP>= ?",$params);
the query actually reaching to database is SELECT * FROM locations WHERE MIN_IP= ?

[zQueal]

Something like this MySQLi database class is for quick and dirty jobs; not for sustainable code. For something like what you're attempting to do, you should be using PDO functions to execute queries. They're more safe.

If you're unsure how to get started with PDO, you can use Flight which comes with PDO support built in. It's a more complete framework as well. Simple boilerplate.

[ThingEngineer]

Zachary is correct, this is by design.

Love the micro-framework btw Zachary, at some point in any php coders career (hopefully sooner rather than later) you come to the point when you realize a framework of some type is the only way to manage this beast of a language. I think that writing your own framework (no mater how simple or complex) is something every coder should do for education sake.

Some other good php frameworks: Larvel, FuelPHP, CodeIgniter, CakePHP (not really on that last one...)

[a3020]

I guess you mean Laravel (http://laravel.com)