Skip to content
Carlo Fontanos
Carlo Fontanos

Carlo Fontanos

Software Engineer

I build web applications and share what I learn along the way.

© 2026

PHP

37 tutorials

Step-by-step programming tutorials on PHP, JavaScript, Laravel, WordPress and more.

PHP Intermediate

Your LIKE Search Has a Wildcard Injection Bug

Prepared statements stop SQL injection - but % and _ sail straight through into LIKE patterns, letting users dump whole tables or run pathological scans. The fix is three characters of escaping.

2 min 381