[nycphp-talk] escaping % and _ in a MySQL query

Ophir Prusak prusak at gmail.com
Sun Oct 31 08:37:42 EST 2004


Since you seem to be using MySQL, and are searching for textual data,
you might want to look into MySQL's fulltext search.

If you're doing LIKE searches, a fulltext search could be a better solution.

Could you give us some more details on the data people can search?


On Sat, 30 Oct 2004 23:35:01 -0400 (EDT), David Mintz
<dmintz at davidmintz.org> wrote:
> 
> Suppose you have a form with a textfield for people to enter a string to
> search for in your database, and you don't want people using % or _ unless
> they mean it literally. This is kind of ugly:
> 
> $input =  preg_replace('/(%|_)/',"\\\\$1",$input);
> $input = mysql_escape_string($input);
> 
> Is this more or less what you should do, or is there a classier solution
> that I'm overlooking?
> 
> ---
> David Mintz
> http://davidmintz.org/
> 
> $world =~ s|<bush[^>]*>.+</bush>||is;
> Oh yeah, I could also use help writing a regex to match strings like
> "<bush />" but I'm hoping it will be moot by Tuesday.
> _______________________________________________
> New York PHP Talk
> Supporting AMP Technology (Apache/MySQL/PHP)
> http://lists.nyphp.org/mailman/listinfo/talk
> http://www.newyorkphp.org
>
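
Added example, not part of the thread and not either poster's code: one way to make % and _ match literally in a LIKE search, using a bound parameter and an explicit ESCAPE clause. Assumptions: the helper names escape_like and search_titles, the items table, and the sample rows are constructed for illustration; '!' is used as the escape character instead of the backslash from the quoted snippet so the SQL does not depend on backslash handling in string literals; an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
// Added example. Requires PDO with the sqlite driver (stand-in for MySQL).

/** Escape LIKE metacharacters so user input is matched literally. */
function escape_like(string $input, string $esc = '!'): string
{
    // str_replace applies the pairs in order: the escape character itself
    // is doubled first, then each wildcard gets the escape prefix.
    return str_replace(
        [$esc, '%', '_'],
        [$esc . $esc, $esc . '%', $esc . '_'],
        $input
    );
}

/** Substring search: only the surrounding % added here act as wildcards. */
function search_titles(PDO $db, string $term): array
{
    // The value is bound, so quoting is handled by the driver; the ESCAPE
    // clause tells LIKE which character marks a literal % or _.
    $stmt = $db->prepare(
        "SELECT title FROM items WHERE title LIKE ? ESCAPE '!' ORDER BY title"
    );
    $stmt->execute(['%' . escape_like($term) . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (title TEXT)');
$ins = $db->prepare('INSERT INTO items (title) VALUES (?)');
$rows = ['100% cotton', '100 percent wool', 'snake_case', 'snakeXcase', 'wow! 50%_off'];
foreach ($rows as $title) {
    $ins->execute([$title]);
}

// Each term is treated as plain text, including a lone % or the escape char.
foreach (['100%', 'e_c', '!', '%'] as $term) {
    printf("%-5s => %s\n", $term, implode(' | ', search_titles($db, $term)));
}
```

Escaping for LIKE and quoting for the SQL string are two separate layers: the first is handled by escape_like, the second by the bound parameter.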


