Question
$test = sprintf("SELECT * FROM `table` WHERE `text` LIKE '%%s%'", mysql_real_escape_string('test'));
echo $test;
output:
SELECT * FROM `table` WHERE `text` LIKE '%s
but it should output:
SELECT * FROM `table` WHERE `text` LIKE '%test%'
Answer 1:
... LIKE '%%%s%%'", mysql_real_escape_string('test'));
To print the % character you need to escape it with itself. Therefore the first two %% will print the % character, while the third one is for the type specifier %s. You need a double %% at the end as well.
Answer 2:
Try:
$test = sprintf("SELECT * FROM `table` WHERE `text` LIKE '%%%s%%'", mysql_real_escape_string('test'));
In sprintf, if you want to get a % sign, you have to insert %%. So it's %% for the first wildcard %, %s for the string itself and %% for the last wildcard %.
Answer 3:
You need to escape the percent signs with a percent sign %%.
$test = sprintf("SELECT * FROM `table` WHERE `text` LIKE '%%%s%%'", mysql_real_escape_string('test'));
echo $test;
Answer 4:
You’re jumbling contexts. For consistency, put the things that aren't inside the SQL single quotes outside of the sprintf() format string:
$test = sprintf(
    "SELECT * FROM `table` WHERE"
    . " `text` LIKE '%s'",
    // The LIKE wildcards are added to the argument, not to the format string.
    "%" . mysql_real_escape_string("test") . "%"
);
Answer 5:
// Plain concatenation: no sprintf(), so % needs no doubling.
$test = "SELECT * FROM `table` WHERE `text` LIKE '%" . mysql_real_escape_string('test') . "%'";
echo $test;
Source: https://stackoverflow.com/questions/3863199/mysql-like-php-sprintf
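Added example, not part of the original question or answers: mysql_real_escape_string() does not escape the LIKE wildcards % and _, so a value containing them still acts as a pattern. The sketch below binds the pattern as a parameter instead of formatting it into the SQL string and escapes the wildcards in the value. The in-memory SQLite database, the `notes` table, the sample rows, the helpers likeContains() and search(), and the '!' escape character are assumptions made for illustration.

```php
<?php
// Added example: bound parameter plus LIKE-wildcard escaping.
// Assumption: PDO with in-memory SQLite so the script runs without a server;
// with MySQL only the DSN changes. Table and rows are constructed sample data.

function likeContains(string $term, string $esc = '!'): string
{
    // strtr() replaces in a single pass, so the escape characters it inserts
    // are not escaped a second time.
    $map = [$esc => $esc . $esc, '%' => $esc . '%', '_' => $esc . '_'];
    // Only the two outer % signs are wildcards; everything inside is literal.
    return '%' . strtr($term, $map) . '%';
}

function search(PDO $db, string $term): array
{
    // The ESCAPE character here must match the default of likeContains().
    $stmt = $db->prepare("SELECT text FROM notes WHERE text LIKE :pat ESCAPE '!'");
    $stmt->execute([':pat' => likeContains($term)]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE notes (text TEXT)');

$insert = $db->prepare('INSERT INTO notes (text) VALUES (?)');
foreach (['test', '100% done', 'a_b', 'axb', "O'Reilly test"] as $row) {
    $insert->execute([$row]);
}

// Constructed inputs: a plain term, a bare wildcard, an underscore,
// and a value containing a quote.
foreach (['test', '%', 'a_b', "O'Reilly"] as $term) {
    printf("%-10s => %s\n", $term, json_encode(search($db, $term)));
}
```

Because the pattern travels as a bound parameter, no % ever passes through sprintf(), which removes the doubling problem from the question altogether.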