Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to use PDO::quote without getting string surrounded by quotes?

Tags:

sql

php

pdo

I try to use PDO::quote to escape a string in a LIKE expression, so the user string must not be surrounded like in :

LIKE "%userStringToEscape%"

Is there a way to do that ?

like image 680
Leto Avatar asked Dec 01 '11 12:12

Leto


2 Answers

$var = "%userStringToEscape%";
$var = $stmt->quote($var);
$sql = "SELECT * FROM table WHERE field LIKE $var";

same goes for the prepared statements

like image 66
Your Common Sense Avatar answered Sep 25 '22 23:09

Your Common Sense


Use substr($db->quote($var), 1, -1)

Really though, don't. You'll end up with larger problems than the ones you started with.

The clean solution to do this is, of course, $db->quote('%'.$var.'%')

like image 22
Tom van der Woerdt Avatar answered Sep 26 '22 23:09

Tom van der Woerdt