phppaper Posted November 8, 2010 Share Posted November 8, 2010 I have a query: $query ="select * FROM telephone_admin where name Like ' ".$_GET['answer']." ' "; I would like to add % before and after so that the query will search for result which contains the PHP variable $_GET['answer'] before or after, but the problem is how can I add % before or after ' ".$_GET['answer']." ' within the query?? Thanks! Link to comment https://forums.phpfreaks.com/topic/218078-php-variable-in-a-query-with-like-condition-syntax-question/ Share on other sites More sharing options...
trq Posted November 8, 2010 Share Posted November 8, 2010 $query ="select * FROM telephone_admin where name Like '%" . $_GET['answer'] . "% ' "; You should not use the $_GET array directly within a query like that either. see mysql_real_escape_string and make sure you sanatize user inputted data. Link to comment https://forums.phpfreaks.com/topic/218078-php-variable-in-a-query-with-like-condition-syntax-question/#findComment-1131656 Share on other sites More sharing options...
phppaper Posted November 8, 2010 Author Share Posted November 8, 2010 Thanks for the advice!! Link to comment https://forums.phpfreaks.com/topic/218078-php-variable-in-a-query-with-like-condition-syntax-question/#findComment-1131658 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.