Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

MySQL, quote_smart, and LIKE

Posted on 2007-11-24
4
Medium Priority
?
577 Views
Last Modified: 2013-12-12
I have a database app that needs to check if a first name/last name combination already exists in the database, and if a first name/last name combination LIKE the submitted names exists.

I have the following working:
-------------------------------------------------------------------------------
// check that the submitted first name and last name do not exist in the database
$sql_name_check = sprintf("SELECT first_name, last_name FROM tm_users WHERE first_name=%s AND last_name=%s",
      quote_smart($first_name),
      quote_smart($last_name));
$sql_name_check=mysql_query($sql_name_check);

Do some stuff
-------------------------------------------------------------------------------

but the following does NOT return a LIKE match
-------------------------------------------------------------------------------
// check that the submitted first name and last name are not LIKE an existing name in the database
$sql_like_name_check = sprintf("SELECT first_name, last_name FROM tm_users WHERE first_name LIKE '%%s%' AND last_name LIKE '%%s%'",
      quote_smart($first_name),
      quote_smart($last_name));
$sql_like_name_check=mysql_query($sql_like_name_check);

Do some other stuff
-------------------------------------------------------------------------------

What is the proper query using quote_smart() to run the LIKE query?

Thanks.

Alan

// quote_smart (quote variable to make safe)
function quote_smart($value) {
        // Stripslashes
      if (get_magic_quotes_gpc()) {
            $value = stripslashes($value);
            }
      // Quote if not a number or a numeric string
      if (!is_numeric($value)) {
            $value = "'" . mysql_real_escape_string($value) . "'";
            }
      return $value;
      }

0
Comment
Question by:alanpollenz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 143

Accepted Solution

by:
Guy Hengel [angelIII / a3] earned 750 total points
ID: 20343613
the issue, I guess, is here the %% within the sprintf... as that means a litteral % character...
you will need %%%s%% instead of %%s%...

let's see if this goes better:

$sql_like_name_check = sprintf("SELECT first_name, last_name FROM tm_users WHERE first_name LIKE '%%%s%%' AND last_name LIKE '%%%s%%'",
      quote_smart($first_name),
      quote_smart($last_name));
$sql_like_name_check=mysql_query($sql_like_name_check);
0
 
LVL 19

Assisted Solution

by:Michael701
Michael701 earned 750 total points
ID: 20343615
you don't need the sprintf stuff, just use string function

$sql_name_check = "SELECT first_name, last_name FROM tm_users WHERE first_name=".quote_smart($first_name)." AND last_name="quote_smart($last_name);
$sql_name_check=mysql_query($sql_name_check);

and

$sql_like_name_check = sprintf("SELECT first_name, last_name FROM tm_users WHERE first_name LIKE '%". quote_smart($first_name)."%' AND last_name LIKE '%".quote_smart($last_name)."%'",
0
 

Author Comment

by:alanpollenz
ID: 20343885
Thanks guys.  Unfortunately, neither one of the above worked; however, you did get me thinking in a related direction, so I'll split the points.

Here's what I got to work:

$sql_like_name_check = sprintf("SELECT first_name, last_name FROM tm_users WHERE first_name LIKE %s AND last_name LIKE %s",
      quote_smart("%$first_name%"),
      quote_smart("%$last_name%"));
$sql_like_name_check=mysql_query($sql_like_name_check);

Note the literal inside the quote_smart call.

Thanks again.

Alan
0
 
LVL 143

Expert Comment

by:Guy Hengel [angelIII / a3]
ID: 20343896
yes, overlooked that :-)
glad we could help
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this series, we will discuss common questions received as a database Solutions Engineer at Percona. In this role, we speak with a wide array of MySQL and MongoDB users responsible for both extremely large and complex environments to smaller singl…
In this article, I’ll talk about multi-threaded slave statistics printed in MySQL error log file.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question