My query is working fine, but I want to refine it. For example, if someone passes a string like silver's, gold's, etc., how will it work? It doesn't work; the problem is with characters like ', " etc.

select product.productid from product where product.product_title like '%".$_GET["srchStr"]."%'

Can anyone help?
You basically need to escape or remove the special characters. What database type (MySQL, MSSQL, etc.) is this and how are you accessing it?

Assuming MySQL and PHP:

select product.productid from product where product.product_title like '%".mysql_real_escape_string($_GET["srchStr"])."%'

Also, when you are querying a database, you should always use mysql_real_escape_string or clean the input before inserting it into a query. The code you had is completely vulnerable to SQL injection.

http://www.unixwiz.net/techtips/sql-injection.html
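
Added example, not part of either post: the same search written as a PDO prepared statement, so quotes in the search string travel as data instead of being spliced into the SQL text, with the LIKE wildcards % and _ escaped as well, which quote-escaping alone does not cover. The escapeLike and searchProducts helpers, the table contents and the in-memory SQLite database are assumptions made so the script runs offline.

```php
<?php
// Added example: constructed table and data, in-memory SQLite through PDO.
// For MySQL only the DSN passed to new PDO(...) changes; the query stays the same.

function escapeLike(string $term, string $esc = '!'): string
{
    // Escape the escape character first, then the LIKE wildcards % and _.
    return str_replace(
        [$esc, '%', '_'],
        [$esc . $esc, $esc . '%', $esc . '_'],
        $term
    );
}

function searchProducts(PDO $pdo, string $srchStr): array
{
    // The pattern is bound as a parameter; no user input is concatenated into the SQL.
    $sql = "SELECT product.productid FROM product
            WHERE product.product_title LIKE :pattern ESCAPE '!'";
    $stmt = $pdo->prepare($sql);
    $stmt->execute([':pattern' => '%' . escapeLike($srchStr) . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE product (productid INTEGER PRIMARY KEY, product_title TEXT)');

// Constructed sample rows.
$rows = [[1, "silver's ring"], [2, "gold's chain"], [3, '100% cotton'], [4, 'plain band']];
$insert = $pdo->prepare('INSERT INTO product (productid, product_title) VALUES (?, ?)');
foreach ($rows as $row) {
    $insert->execute($row);
}

// Constructed inputs standing in for $_GET["srchStr"]: quotes, a wildcard,
// and a classic injection string, all of which are matched literally.
foreach (["silver's", '"', '%', "' OR '1'='1"] as $input) {
    printf("%-14s => [%s]\n", $input, implode(',', searchProducts($pdo, $input)));
}
```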