[nycphp-talk] escaping % and _ in a MySQL query
David Mintz
dmintz at davidmintz.org
Mon Nov 1 15:21:01 EST 2004
OK then, in light of all the above, how's this look?
$input = str_replace(
array('_','%'), array('^_','^%'),
mysql_escape_string($input));
$SQL = "SELECT columns FROM table
WHERE column like '$input' ESCAPE '^'";
WORKSFORME, FWIW. PS: Is there something sacred about the control
character ^, or is it just one among several worthy candidates?
---
David Mintz
http://davidmintz.org/
$world =~ s|<bush[^>]*>.+</bush>||is;
More information about the talk
mailing list