Laravel-5 'LIKE' equivalent (Eloquent)

Question

I'm using the below code to pull some results from the database with Laravel 5.

BookingDates::where('email', Input::get('email'))->orWhere('name', 'like', Input::get('name'))->get()

However, the orWhereLike doesn't seem to be matching any results. What does that code produce in terms of MySQL statements?

I'm trying to achieve something like the following:

select * from booking_dates where email='my@email.com' or name like '%John%'

score 500 · Accepted Answer · answered Jun 10 '15 at 16:31

500

If you want to see what is run in the database use dd(DB::getQueryLog()) to see what queries were run.

Try this

BookingDates::where('email', Input::get('email'))
    ->orWhere('name', 'like', '%' . Input::get('name') . '%')->get();

answered Jun 10 '15 at 16:31

Pawel Bieszczad

12,925
3
37
40

47

is this query sql injection protected? – partho Jul 23 '17 at 10:56
31

@partho Yes. Laravel screens the whole string that you pass as the third argument of the `where` method. – Finesse Aug 18 '17 at 01:45
15

While injection protected you might want to check for unexpected % in user input. E.g., LIKE "%John%" and LIKE "John%" perform differently (you might only intend the latter). Also consider empty input, and then of "%" alone, which also might lead to unintended results from the above code. – Ian Fleeton Jun 10 '18 at 17:48
6

Agreed with Ian. Laravel only does partial escaping. There's still a lot of mischief possible if you don't properly escape the LIKE. Here's how: https://stackoverflow.com/a/42028380/329062 – Greg Sep 12 '18 at 13:19
2

I added `preg_replace("/[^A-Za-z0-9 ]/", '', $search);` because I don't need special chars, and it protects it from `%` injection too – Heichou Sep 07 '20 at 12:19

Oleh Diachenko · Answer 2 · 2020-09-13T20:55:52.657

I have scopes for this, hope it help somebody. https://laravel.com/docs/master/eloquent#local-scopes

public function scopeWhereLike($query, $column, $value)
{
    return $query->where($column, 'like', '%'.$value.'%');
}

public function scopeOrWhereLike($query, $column, $value)
{
    return $query->orWhere($column, 'like', '%'.$value.'%');
}

Usage:

$result = BookingDates::whereLike('email', $email)->orWhereLike('name', $name)->get();

score 19 · Answer 3 · answered Sep 07 '19 at 13:40

19

$data = DB::table('borrowers')
        ->join('loans', 'borrowers.id', '=', 'loans.borrower_id')
        ->select('borrowers.*', 'loans.*')   
        ->where('loan_officers', 'like', '%' . $officerId . '%')
        ->where('loans.maturity_date', '<', date("Y-m-d"))
        ->get();

answered Sep 07 '19 at 13:40

sadiq rashid

468
5
8

->where('loan_officers', 'like', '%' . $officerId . '%') where loan_officers is the serialized field – sadiq rashid Sep 07 '19 at 13:41

JaredDmz · Answer 4 · 2022-05-17T15:59:50.053

15

I think this is better, following the good practices of passing parameters to the query:

BookingDates::whereRaw('email = ? or name like ?', [$request->email,"%{$request->name}%"])->get();

Better:

BookingDates::where('email',$request->email)
    ->orWhere('name','like',"%{$request->name}%")->get();

You can see it in the documentation, Laravel 5.5.

You can also use the Laravel scout and make it easier with search. Here is the documentation.

edited May 17 '22 at 15:59

answered Jul 18 '19 at 16:01

JaredDmz

153
2
7

1

Raw is **never** better. You should sacrifice functionality if it requires `raw` to achieve it, or approach it differently. – zanderwar May 13 '22 at 09:55

M Mamoon Khan · Answer 5 · 2021-05-22T12:37:43.093

10

the query which is mentioned below worked for me maybe it will be helpful for someone.

 $platform = DB::table('idgbPlatforms')->where('name', 'LIKE',"%{$requestedplatform}%")->first();

edited May 22 '21 at 12:37

answered May 22 '21 at 12:16

M Mamoon Khan

169
2
9

score -1 · Answer 6 · answered Jun 26 '21 at 16:58

-1

If you wish to use it on controller you can do something like:

$generatequery = 'select * from blogs where is_active = 1 and blog_name like '%'.$blogs.'%' order by updated_at desc, id desc';

$blogslists = DB::select($generatequery);

answered Jun 26 '21 at 16:58

Ankush_Sharma

1

score -2 · Answer 7 · answered Jun 05 '21 at 07:46

-2

If you are using Postgres, The key word ILIKE can be used instead of LIKE to make the match case-insensitive according to the active locale. This is not in the SQL standard but is a PostgreSQL extension.

this worked for me.

User::where('name, 'ILIKE', $search)->get();

postgres documentation

answered Jun 05 '21 at 07:46

manzede

49
5

1

I do not get the connection between `What does that code produce in terms of [SQL] statements?` and above reply - what question does this answer? – greybeard Jun 05 '21 at 09:03
then using this isn't safe – Dendi Handian Aug 31 '21 at 06:48
LIKE is case-insensitive, what collation are you using for it to not be insensitive, definitely not utf8mb4... – zanderwar May 13 '22 at 09:57
@zanderwar WRONG !!! - in Postgresql LIKE is case-sensitive and you **have to** use ILIKE to make it case-insensitive. _The key word ILIKE can be used instead of LIKE to make the match case-insensitive according to the active locale. This is not in the SQL standard but is a PostgreSQL extension._ [docs](https://www.postgresql.org/docs/current/functions-matching.html) – dmikam Jan 04 '23 at 10:47

Laravel-5 'LIKE' equivalent (Eloquent)

7 Answers7

Linked

Related