?
Solved

MySQL, quote_smart, and LIKE

Posted on 2007-11-24
4
Medium Priority
?
566 Views
Last Modified: 2013-12-12
I have a database app that needs to check if a first name/last name combination already exists in the database, and if a first name/last name combination LIKE the submitted names exists.

I have the following working:
-------------------------------------------------------------------------------
// check that the submitted first name and last name do not exist in the database
$sql_name_check = sprintf("SELECT first_name, last_name FROM tm_users WHERE first_name=%s AND last_name=%s",
      quote_smart($first_name),
      quote_smart($last_name));
$sql_name_check=mysql_query($sql_name_check);

Do some stuff
-------------------------------------------------------------------------------

but the following does NOT return a LIKE match
-------------------------------------------------------------------------------
// check that the submitted first name and last name are not LIKE an existing name in the database
$sql_like_name_check = sprintf("SELECT first_name, last_name FROM tm_users WHERE first_name LIKE '%%s%' AND last_name LIKE '%%s%'",
      quote_smart($first_name),
      quote_smart($last_name));
$sql_like_name_check=mysql_query($sql_like_name_check);

Do some other stuff
-------------------------------------------------------------------------------

What is the proper query using quote_smart() to run the LIKE query?

Thanks.

Alan

// quote_smart (quote variable to make safe)
function quote_smart($value) {
        // Stripslashes
      if (get_magic_quotes_gpc()) {
            $value = stripslashes($value);
            }
      // Quote if not a number or a numeric string
      if (!is_numeric($value)) {
            $value = "'" . mysql_real_escape_string($value) . "'";
            }
      return $value;
      }

0
Comment
Question by:alanpollenz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 143

Accepted Solution

by:
Guy Hengel [angelIII / a3] earned 750 total points
ID: 20343613
the issue, I guess, is here the %% within the sprintf... as that means a litteral % character...
you will need %%%s%% instead of %%s%...

let's see if this goes better:

$sql_like_name_check = sprintf("SELECT first_name, last_name FROM tm_users WHERE first_name LIKE '%%%s%%' AND last_name LIKE '%%%s%%'",
      quote_smart($first_name),
      quote_smart($last_name));
$sql_like_name_check=mysql_query($sql_like_name_check);
0
 
LVL 19

Assisted Solution

by:Michael701
Michael701 earned 750 total points
ID: 20343615
you don't need the sprintf stuff, just use string function

$sql_name_check = "SELECT first_name, last_name FROM tm_users WHERE first_name=".quote_smart($first_name)." AND last_name="quote_smart($last_name);
$sql_name_check=mysql_query($sql_name_check);

and

$sql_like_name_check = sprintf("SELECT first_name, last_name FROM tm_users WHERE first_name LIKE '%". quote_smart($first_name)."%' AND last_name LIKE '%".quote_smart($last_name)."%'",
0
 

Author Comment

by:alanpollenz
ID: 20343885
Thanks guys.  Unfortunately, neither one of the above worked; however, you did get me thinking in a related direction, so I'll split the points.

Here's what I got to work:

$sql_like_name_check = sprintf("SELECT first_name, last_name FROM tm_users WHERE first_name LIKE %s AND last_name LIKE %s",
      quote_smart("%$first_name%"),
      quote_smart("%$last_name%"));
$sql_like_name_check=mysql_query($sql_like_name_check);

Note the literal inside the quote_smart call.

Thanks again.

Alan
0
 
LVL 143

Expert Comment

by:Guy Hengel [angelIII / a3]
ID: 20343896
yes, overlooked that :-)
glad we could help
0

Featured Post

Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Build an array called $myWeek which will hold the array elements Today, Yesterday and then builds up the rest of the week by the name of the day going back 1 week.   (CODE) (CODE) Then you just need to pass your date to the function. If i…
This article discusses how to implement server side field validation and display customized error messages to the client.
The viewer will learn how to count occurrences of each item in an array.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
Suggested Courses

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question