MySQL LIKE + php sprintf

前端 未结 5 2268
陌清茗
陌清茗 2021-02-13 13:34
$test = sprintf(\"SELECT * FROM `table` WHERE `text` LIKE \'%%s%\'\", mysql_real_escape_string(\'test\'));

echo $test;

output:

SELECT          


        
相关标签:
5条回答
  • 2021-02-13 13:36
    $test = "SELECT * FROM `table` WHERE `text` LIKE '%s%'" . mysql_real_escape_string('test');
    
    echo $test;
    
    0 讨论(0)
  • 2021-02-13 13:38

    You’re jumbling contexts. For consistency, put the things that aren't inside the SQL single quotes outside of the sprintf() format string:

    $test = sprintf(
              "SELECT * FROM `table` WHERE"
                . "`xt` LIKE '%s'",
              "%" . mysql_real_escape_string("test") . "%"
            );
    
    0 讨论(0)
  • 2021-02-13 13:41

    Try:

    $test = sprintf("SELECT * FROM `table` WHERE `text` LIKE '%%%s%%'", mysql_real_escape_string('test'));
    

    In sprintf, if you want to get a % sign, you have to insert %%. So it's %% for the first wildcard %, %s for the string itself and %% for the last wildcard %.

    0 讨论(0)
  • 2021-02-13 13:53

    You need to escape the percent signs with a percent sign %%.

    $test = sprintf("SELECT * FROM `table` WHERE `text` LIKE '%%%s%%'", mysql_real_escape_string('test'));
    
    echo $test;
    
    0 讨论(0)
  • 2021-02-13 14:02
    ... LIKE '%%%s%%'", mysql_real_escape_string('test'));
    

    To print the % character you need to escape it with itself. Therefore the first two %% will print the % character, while the third one is for the type specifier %s. You need a double %% at the end as well.

    0 讨论(0)
提交回复
热议问题