problems with sprintf and escaping %
on 11.04.2008 03:50:50 by nn
I have the following query:
$query = "SELECT * FROM cds WHERE $campo LIKE ('%$busqueda%') ORDER BY
which I'm trying to change to sprintf to use mysql_real_escape_string,
since I've heard that it's better and a more secure way to do queries,
like so:
$query = sprintf("SELECT * FROM cds WHERE '%s' LIKE '%s' ORDER BY
The problem is that I lack the % before and after the $busqueda.
I read that I should escape the % twice (like so?):
$query = sprintf("SELECT * FROM cds WHERE '%s' LIKE '%%%s%%' ORDER BY
But obviously I'm doing something wrong, since I get 0 results.
How do I express the query above with sprintf, and how do I correctly
escape the %?
Thank you very much,
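
An added example, not part of the original post: one way to write this search so that the column name comes from an allow-list, the search term is bound as a parameter, and `%%` in the sprintf format yields the literal `%` wildcards. Assumptions: the column names `titulo` and `artista`, the function name `buscar_cds`, the ordering column, the `!` escape character, and PDO with an in-memory SQLite database standing in for the poster's MySQL connection.

```php
<?php
// Added example. Column names, sample rows and function name are constructed.
const SEARCHABLE_COLUMNS = ['titulo', 'artista']; // assumed columns of cds

function buscar_cds(PDO $db, string $campo, string $busqueda): array
{
    // A column name is an identifier, not a value: it cannot be bound or
    // string-escaped, and wrapping it in quotes ('%s') makes it a string
    // literal instead of a column. Accept only names from the allow-list.
    if (!in_array($campo, SEARCHABLE_COLUMNS, true)) {
        throw new InvalidArgumentException("column not searchable: $campo");
    }

    // Neutralise LIKE wildcards typed by the user; '!' is the escape character.
    $literal = strtr($busqueda, ['!' => '!!', '%' => '!%', '_' => '!_']);

    // In a sprintf format, %% is a literal percent sign and %s the argument.
    $pattern = sprintf('%%%s%%', $literal);

    // Only the allow-listed identifier is formatted into the SQL text.
    // Ordering by the same column is an assumption (the post's ORDER BY is cut off).
    $sql = sprintf(
        "SELECT * FROM cds WHERE %s LIKE ? ESCAPE '!' ORDER BY %s",
        $campo,
        $campo
    );
    $stmt = $db->prepare($sql);
    $stmt->execute([$pattern]); // the pattern travels as data, never as SQL
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE cds (titulo TEXT, artista TEXT)');
$db->exec("INSERT INTO cds VALUES ('100% Live', 'Banda Uno'),
           ('Live at Home', 'O''Neil'), ('Studio', 'Banda Dos')");

print_r(buscar_cds($db, 'titulo', 'Live'));    // plain substring search
print_r(buscar_cds($db, 'titulo', '0% L'));    // user-typed % treated literally
print_r(buscar_cds($db, 'artista', "O'Neil")); // quote carried by the bound value

try {
    buscar_cds($db, 'no_such_column', 'x');    // identifier outside the allow-list
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
```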