Using 'LIKE' operator with mysql_real_escape_string

[mattspriggs28]

Hi,

 

What is the correct syntax for creating an sql query that combines the LIKE operator with mysql_real_escape_string?

 

The following doesn't seem to work:

 

$sql = sprintf("Select * from " . TBL_PREFIX . "_operators where id = %s or company_name LIKE '%%s%'", 
mysql_real_escape_string($_POST['operator_quick_search']), 
mysql_real_escape_string($_POST['operator_quick_search']));

 

Thanks 

[PFMaBiSmAd]

You need to double the %% to get it to be treated as a literal % within a sprintf() -

$sql = sprintf("Select * from " . TBL_PREFIX . "_operators where id = %s or company_name LIKE '%%%s%%'",