Menu
I have the following sql (a simplification of the real problem):
SELECT *
FROM t
WHERE myname LIKE '%{$input}%';
How do I escape the $input?
I can't use the quoteInto (unless I miss something).
As
$sql=$DB->quoteInto("SELECT *
FROM t
WHERE myname LIKE '%?%'",$input);
Will give me
SELECT *
FROM t
WHERE myname LIKE '%'my input'%';
and
$sql=$DB->quoteInto("SELECT *
FROM t
WHERE myname LIKE ?",'%'.$input.'%');
Will give me something on the lines:
SELECT *
FROM t
WHERE myname LIKE '\%my input\%';
296
The last option is works out well for me i've not experienced it escaping '%'. So $db->quote('%'.$_GET['query'].'%') outputs %queryvalue%
95
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
