Bookmarks

Yahoo Gmail Google Facebook Delicious Twitter Reddit Stumpleupon Myspace Digg

Search queries

nrao wwwxxx, xxxxxdup, procmail change subject header, wwwXxx not20, Wwwxxx.doks sas, linux raid resync after reboot, bind-address mysql multiple, sanibleone xxxx, ftp://192.168.100.100/, www.xxxcon

Links

XODOX
Impressum

#1: problems with sprintf and escaping %

Posted on 2008-04-11 03:50:50 by nn

i have the following query:

$query = "SELECT * FROM cds WHERE $campo LIKE ('%$busqueda%') ORDER BY
$ordenada";

which i'm trying to change to sprintf to use mysql_real_escape_string
since i've heard that it's better and a more secure way to do queries
, like so:

$query = sprintf("SELECT * FROM cds WHERE '%s' LIKE '%s' ORDER BY
'%s'",
mysql_real_escape_string($campo),
mysql_real_escape_string($busqueda),
mysql_real_escape_string($ordenada)
);

the problem is that i lack the % before and after the $busqueda.
i read that i should escape twice the % ( like so?):

$query = sprintf("SELECT * FROM cds WHERE '%s' LIKE '%%%s%%' ORDER BY
'%s'",
etc...

but obviously i'm doing something wrong since i get 0 results.

how do i express the query above with sprintf, and how do escape
correctly the %?

thank you very much,

NN

Report this message