I have the following code:
mysql_query("SELECT * FROM list WHERE name LIKE '%'$searchTerm'%' OR description LIKE '%'$searchTerm'%';");
The only problem is, in pure SQL, such a query woul开发者_运维问答d look like:
SELECT * FROM list WHERE name LIKE '%asdf%' OR description LIKE '%asdf%'
What I'm confused about is how to put my variables into the string properly, normally a variable in a mysql_query would be surrounded by single quotes, but the addition of the single quotes in the SQL itself is confusing me.
I tried concatenating with . but I don't think that's a good solution.
mysql_query("SELECT * FROM list WHERE name LIKE '%$searchTerm%' OR description LIKE '%$searchTerm%';");
Why won't you just...
echo "SELECT * FROM list WHERE name LIKE '%$searchTerm%' OR description LIKE '%$searchTerm%';"
...and see how the query actually will look like..
I don't know PHP, but I suggest to use a replace function to manage the character "'" into $searchterm. This also allow to avoid sql injections..
This is the clearest way to me, using "." to concatenate:
mysql_query("SELECT * FROM list WHERE name LIKE '%".$searchTerm."%' OR description LIKE '%".$searchTerm."%'");
Try and use that, it should work on what you're trying :)
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论