•  18-09-2019
  •  | 
  •  

Question

Quick question: How do I mysqli_escape_string a variable enclosed in a like clause? 

"SELECT * FROM table WHERE name LIKE '%". %s . "%'"

or 

"SELECT * FROM table WHERE name like '%"."%s"."%'"

don't work.

Thanks!

Was it helpful?

Solution 

$value = mysql_real_escape_string($_POST["terms"]);
$query = "SELECT * FROM table WHERE name LIKE '%".$value."%'";

Or you could acheive this with sprintf like this:

$query = sprintf("SELECT * FROM table WHERE name LIKE '%s'", "%".$value."%");
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top