MySQL LIKE + php sprintf

Question

$test = sprintf("SELECT * FROM `table` WHERE `text` LIKE '%%s%'", mysql_real_escape_string('test'));

echo $test;

output:

SELECT * FROM `table` WHERE `text` LIKE '%s

but it should output:

SELECT * FROM `table` WHERE `text` LIKE '%test%'

score 45 · Accepted Answer · answered Oct 05 '10 at 11:32

... LIKE '%%%s%%'", mysql_real_escape_string('test'));

To print the % character you need to escape it with itself. Therefore the first two %% will print the % character, while the third one is for the type specifier %s. You need a double %% at the end as well.

score 4 · Answer 2 · answered Oct 05 '10 at 11:32

Try:

$test = sprintf("SELECT * FROM `table` WHERE `text` LIKE '%%%s%%'", mysql_real_escape_string('test'));

In sprintf, if you want to get a % sign, you have to insert %%. So it's %% for the first wildcard %, %s for the string itself and %% for the last wildcard %.

score 1 · Answer 3 · answered Oct 05 '10 at 11:36

1

You need to escape the percent signs with a percent sign %%.

$test = sprintf("SELECT * FROM `table` WHERE `text` LIKE '%%%s%%'", mysql_real_escape_string('test'));

echo $test;

answered Oct 05 '10 at 11:36

Ruel

15,438
7
38
49

score 1 · Answer 4 · answered Apr 29 '11 at 02:55

You’re jumbling contexts. For consistency, put the things that aren't inside the SQL single quotes outside of the sprintf() format string:

$test = sprintf(
          "SELECT * FROM `table` WHERE"
            . "`xt` LIKE '%s'",
          "%" . mysql_real_escape_string("test") . "%"
        );

score 0 · Answer 5 · edited Oct 05 '10 at 11:33

0

$test = "SELECT * FROM `table` WHERE `text` LIKE '%s%'" . mysql_real_escape_string('test');

echo $test;

edited Oct 05 '10 at 11:33

NullUserException

83,810
28
209
234

answered Oct 05 '10 at 11:33

Steve Claridge

10,650
8
33
35

MySQL LIKE + php sprintf

5 Answers5

Linked