Hi, I have a query without sprintf and mysql_real_escape_string, like this:

    $query_src = "SELECT * FROM ability WHERE software LIKE '$theWord,%' OR software LIKE '%,$theWord,%' OR software LIKE '%,$theWord'";
    $result_query = mysql_query($query_src,$connection) or die (mysql_error());

But I want to use this query with mysql_real_escape_string. Could someone here convert the query script as I wish, please? My problem is that I don't understand how to use %s in sprintf in my query case. I have read http://id.php.net/sprintf and http://id.php.net/mysql_real_escape_string, but I still have a problem with it.

Thank you
B4

I don't think that you need this. Just use % in your query once, like this:

    $theWord = mysql_real_escape_string($_POST['q']); // but I prefer addslashes...
    $query_src = "SELECT * FROM ability WHERE software LIKE '%$theWord%'";
    /*
    If the search query is 'apple', this query would match:
    - APPLE
    - Apple
    - Apples
    - apple
    and so on...
    */

The reason the query has to be like that is that the content of table 'ability' is like this:

    ID -- SOFTWARE
    1 -- 1,2,4,6,10,13
    2 -- 3,7,9,1314
    3 -- 3,4,5,6,13,15
    4 -- 1,10,15
    5 -- 13,14,15

For example, I want to get the data where software = 13. Is it OK if I don't use sprintf, as in the query that you gave?

Yes it is. Using sprintf with LIKE queries can actually get confusing at times, because in order to use % with sprintf you need to double them up to escape them.

    $a = mysql_real_escape_string($a);
    $b = mysql_real_escape_string($b);
    // %% in the format string produces a literal % in the output
    $sql = 'SELECT * FROM TABLE WHERE a LIKE \'%s,%%\' OR b LIKE \'%%%s,%%\'';
    $query = sprintf($sql, $a, $b);
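
The comma-delimited match from the first post, written with bound parameters instead of string interpolation (an added example, not code from any poster in this thread; the mysql_* functions used above were removed in PHP 7.0). The helper name `escape_like`, the `'!'` escape character, the extra exact-match case and the in-memory SQLite database are assumptions chosen so the example runs offline.

```php
<?php
// Added example, not from the thread. Assumes the pdo_sqlite extension so it
// runs offline; the same prepared statement works with PDO's MySQL driver.

// Hypothetical helper: escape LIKE metacharacters, using '!' as ESCAPE char.
function escape_like(string $term): string
{
    return strtr($term, ['!' => '!!', '%' => '!%', '_' => '!_']);
}

// IDs of rows whose comma-separated `software` list contains exactly $term.
function find_by_software(PDO $pdo, string $term): array
{
    $t = escape_like($term);
    $stmt = $pdo->prepare(
        "SELECT id FROM ability
          WHERE software = :only
             OR software LIKE :first  ESCAPE '!'
             OR software LIKE :middle ESCAPE '!'
             OR software LIKE :last   ESCAPE '!'
          ORDER BY id"
    );
    $stmt->execute([
        ':only'   => $term,      // list holding just this value (added case)
        ':first'  => "$t,%",     // value at the start of the list
        ':middle' => "%,$t,%",   // value in the middle
        ':last'   => "%,$t",     // value at the end
    ]);
    return array_map('intval', $stmt->fetchAll(PDO::FETCH_COLUMN));
}

// Constructed sample data, copied from the table shown in the thread.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE ability (id INTEGER PRIMARY KEY, software TEXT)');
$insert = $pdo->prepare('INSERT INTO ability (id, software) VALUES (?, ?)');
$rows = [1 => '1,2,4,6,10,13', 2 => '3,7,9,1314', 3 => '3,4,5,6,13,15',
         4 => '1,10,15', 5 => '13,14,15'];
foreach ($rows as $id => $list) {
    $insert->execute([$id, $list]);
}

// The quote and the wildcard below are treated as data, not as SQL or pattern.
foreach (['13', "13'", '%'] as $term) {
    printf("%-4s => [%s]\n", $term, implode(', ', find_by_software($pdo, $term)));
}
```

With the thread's sample rows, a search for 13 returns IDs 1, 3 and 5 and skips row 2, whose list contains 1314.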