Solved

MySQL, quote_smart, and LIKE

Posted on 2007-11-24
Last Modified: 2013-12-12
I have a database app that needs to check if a first name/last name combination already exists in the database, and if a first name/last name combination LIKE the submitted names exists.

I have the following working:
-------------------------------------------------------------------------------
// check that the submitted first name and last name do not exist in the database
$sql_name_check = sprintf("SELECT first_name, last_name FROM tm_users WHERE first_name=%s AND last_name=%s",
      quote_smart($first_name),
      quote_smart($last_name));
$sql_name_check=mysql_query($sql_name_check);

Do some stuff
-------------------------------------------------------------------------------

but the following does NOT return a LIKE match
-------------------------------------------------------------------------------
// check that the submitted first name and last name are not LIKE an existing name in the database
$sql_like_name_check = sprintf("SELECT first_name, last_name FROM tm_users WHERE first_name LIKE '%%s%' AND last_name LIKE '%%s%'",
      quote_smart($first_name),
      quote_smart($last_name));
$sql_like_name_check=mysql_query($sql_like_name_check);

Do some other stuff
-------------------------------------------------------------------------------

What is the proper query using quote_smart() to run the LIKE query?

Thanks.

Alan

// quote_smart (quote variable to make safe)
function quote_smart($value) {
      // Stripslashes
      if (get_magic_quotes_gpc()) {
            $value = stripslashes($value);
      }
      // Quote if not a number or a numeric string
      if (!is_numeric($value)) {
            $value = "'" . mysql_real_escape_string($value) . "'";
      }
      return $value;
}

Question by:alanpollenz
Accepted Solution

by:
Guy Hengel [angelIII / a3] earned 250 total points
ID: 20343613
the issue, I guess, is here the %% within the sprintf... as that means a literal % character...
you will need %%%s%% instead of %%s%...

let's see if this goes better:

$sql_like_name_check = sprintf("SELECT first_name, last_name FROM tm_users WHERE first_name LIKE '%%%s%%' AND last_name LIKE '%%%s%%'",
      quote_smart($first_name),
      quote_smart($last_name));
$sql_like_name_check=mysql_query($sql_like_name_check);

Assisted Solution

by:Michael701
Michael701 earned 250 total points
ID: 20343615
you don't need the sprintf stuff, just use string function

$sql_name_check = "SELECT first_name, last_name FROM tm_users WHERE first_name=".quote_smart($first_name)." AND last_name=".quote_smart($last_name);
$sql_name_check=mysql_query($sql_name_check);

and

$sql_like_name_check = "SELECT first_name, last_name FROM tm_users WHERE first_name LIKE '%". quote_smart($first_name)."%' AND last_name LIKE '%".quote_smart($last_name)."%'";

Author Comment

by:alanpollenz
ID: 20343885
Thanks guys.  Unfortunately, neither one of the above worked; however, you did get me thinking in a related direction, so I'll split the points.

Here's what I got to work:

$sql_like_name_check = sprintf("SELECT first_name, last_name FROM tm_users WHERE first_name LIKE %s AND last_name LIKE %s",
      quote_smart("%$first_name%"),
      quote_smart("%$last_name%"));
$sql_like_name_check=mysql_query($sql_like_name_check);

Note the literal inside the quote_smart call.

Thanks again.

Alan

Expert Comment

by:Guy Hengel [angelIII / a3]
ID: 20343896
yes, overlooked that :-)
glad we could help
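
Added example, not code from any poster in this thread: the same LIKE duplicate check written with bound parameters. mysql_real_escape_string() does not escape the LIKE wildcards % and _, so a submitted name consisting of % would match every row; the helper below escapes them before the surrounding wildcards are added. Assumptions: PDO is available, an in-memory SQLite database stands in for MySQL so the block runs offline, and like_escape(), find_similar_names() and the '!' escape character are names chosen for this illustration.

```php
<?php
// Added example: LIKE duplicate check with bound parameters and wildcard escaping.
// Assumption: PDO with the SQLite driver; SQLite stands in for MySQL here.

// Escape LIKE metacharacters so submitted text only matches itself.
// '!' is the escape character named in the query's ESCAPE clause.
function like_escape(string $s): string
{
    return strtr($s, ['!' => '!!', '%' => '!%', '_' => '!_']);
}

// Return rows whose first and last name contain the submitted values.
function find_similar_names(PDO $db, string $first, string $last): array
{
    $stmt = $db->prepare(
        "SELECT first_name, last_name FROM tm_users
          WHERE first_name LIKE ? ESCAPE '!' AND last_name LIKE ? ESCAPE '!'"
    );
    // The surrounding % wildcards go into the bound value, never into the SQL text,
    // so no manual quoting of the submitted names is needed.
    $stmt->execute([
        '%' . like_escape($first) . '%',
        '%' . like_escape($last) . '%',
    ]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data (hypothetical rows for the thread's tm_users table).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE tm_users (first_name TEXT, last_name TEXT)");
$ins = $db->prepare("INSERT INTO tm_users (first_name, last_name) VALUES (?, ?)");
foreach ([['Alan', 'Smith'], ['Alana', 'Smithers'], ['Pat', "O'Neil"]] as $row) {
    $ins->execute($row);
}

// Ordinary substring lookup.
print_r(find_similar_names($db, 'Alan', 'Smith'));
// A name containing a quote needs no special handling with bound parameters.
print_r(find_similar_names($db, 'Pat', "O'Neil"));
// Submitted wildcards are matched as literal characters, not as match-everything.
print_r(find_similar_names($db, '%', '%'));
```

The explicit ESCAPE clause is also accepted by MySQL, so the query text carries over unchanged when the PDO connection points at a MySQL server.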