Solved

MySQL, quote_smart, and LIKE

Posted on 2007-11-24
4
550 Views
Last Modified: 2013-12-12
I have a database app that needs to check if a first name/last name combination already exists in the database, and if a first name/last name combination LIKE the submitted names exists.

I have the following working:
-------------------------------------------------------------------------------
// check that the submitted first name and last name do not exist in the database
$sql_name_check = sprintf("SELECT first_name, last_name FROM tm_users WHERE first_name=%s AND last_name=%s",
      quote_smart($first_name),
      quote_smart($last_name));
$sql_name_check=mysql_query($sql_name_check);

Do some stuff
-------------------------------------------------------------------------------

but the following does NOT return a LIKE match
-------------------------------------------------------------------------------
// check that the submitted first name and last name are not LIKE an existing name in the database
$sql_like_name_check = sprintf("SELECT first_name, last_name FROM tm_users WHERE first_name LIKE '%%s%' AND last_name LIKE '%%s%'",
      quote_smart($first_name),
      quote_smart($last_name));
$sql_like_name_check=mysql_query($sql_like_name_check);

Do some other stuff
-------------------------------------------------------------------------------

What is the proper query using quote_smart() to run the LIKE query?

Thanks.

Alan

// quote_smart (quote variable to make safe)
function quote_smart($value) {
        // Stripslashes
      if (get_magic_quotes_gpc()) {
            $value = stripslashes($value);
            }
      // Quote if not a number or a numeric string
      if (!is_numeric($value)) {
            $value = "'" . mysql_real_escape_string($value) . "'";
            }
      return $value;
      }

0
Comment
Question by:alanpollenz
  • 2
4 Comments
 
LVL 142

Accepted Solution

by:
Guy Hengel [angelIII / a3] earned 250 total points
Comment Utility
the issue, I guess, is here the %% within the sprintf... as that means a litteral % character...
you will need %%%s%% instead of %%s%...

let's see if this goes better:

$sql_like_name_check = sprintf("SELECT first_name, last_name FROM tm_users WHERE first_name LIKE '%%%s%%' AND last_name LIKE '%%%s%%'",
      quote_smart($first_name),
      quote_smart($last_name));
$sql_like_name_check=mysql_query($sql_like_name_check);
0
 
LVL 19

Assisted Solution

by:Michael701
Michael701 earned 250 total points
Comment Utility
you don't need the sprintf stuff, just use string function

$sql_name_check = "SELECT first_name, last_name FROM tm_users WHERE first_name=".quote_smart($first_name)." AND last_name="quote_smart($last_name);
$sql_name_check=mysql_query($sql_name_check);

and

$sql_like_name_check = sprintf("SELECT first_name, last_name FROM tm_users WHERE first_name LIKE '%". quote_smart($first_name)."%' AND last_name LIKE '%".quote_smart($last_name)."%'",
0
 

Author Comment

by:alanpollenz
Comment Utility
Thanks guys.  Unfortunately, neither one of the above worked; however, you did get me thinking in a related direction, so I'll split the points.

Here's what I got to work:

$sql_like_name_check = sprintf("SELECT first_name, last_name FROM tm_users WHERE first_name LIKE %s AND last_name LIKE %s",
      quote_smart("%$first_name%"),
      quote_smart("%$last_name%"));
$sql_like_name_check=mysql_query($sql_like_name_check);

Note the literal inside the quote_smart call.

Thanks again.

Alan
0
 
LVL 142

Expert Comment

by:Guy Hengel [angelIII / a3]
Comment Utility
yes, overlooked that :-)
glad we could help
0

Featured Post

Free Gift Card with Acronis Backup Purchase!

Backup any data in any location: local and remote systems, physical and virtual servers, private and public clouds, Macs and PCs, tablets and mobile devices, & more! For limited time only, buy any Acronis backup products and get a FREE Amazon/Best Buy gift card worth up to $200!

Join & Write a Comment

Generating table dynamically is the most common issue faced by php developers.... So it seems there is a need of an article that explains the basic concept of generating tables dynamically. It just requires a basic knowledge of html and little maths…
Load balancing is the method of dividing the total amount of work performed by one computer between two or more computers. Its aim is to get more work done in the same amount of time, ensuring that all the users get served faster.
The viewer will learn how to dynamically set the form action using jQuery.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now