php mysql query - output value of variable in the query

Go To StackoverFlow.com

1

I have the following mysql query in php:

$results = $wpdb->get_results("SELECT * FROM $wpdb->postmeta WHERE meta_key = '_wp_attachment_metadata' AND meta_value LIKE '%details%'");

However I want the query to be dynamic by changing the LIKE section of the query. Instead of:

LIKE '%details%'

I want to put a variable in there:

LIKE '% $format %'

where $format is a string.

Everything I have tried thus far has failed.

Whats the proper way to do this?

2012-04-05 16:36
by CLiown
There are plenty of ways of doing this, but the right way is to use parameterized queries. Remember little Bobby Tables... http://xkcd.com/327 - Ed Manet 2012-04-05 17:38
Here's a great question on topic: http://stackoverflow.com/questions/60174/best-way-to-stop-sql-injection-in-ph - Ed Manet 2012-04-05 17:39


0

Try wrapping in braces:

LIKE '%{$format}%'
2012-04-05 16:40
by Kasapo


0

Since you are using double quotes you could simply do:

$results = $wpdb->get_results("SELECT * FROM $wpdb->postmeta WHERE meta_key = '_wp_attachment_metadata' AND meta_value LIKE '%$format%'");

Or simply concatenate the string:

$results = $wpdb->get_results("SELECT * FROM $wpdb->postmeta WHERE meta_key = '_wp_attachment_metadata' AND meta_value LIKE '%" . $format . "%'");
2012-04-05 16:40
by PeeHaa


0

Your string is already in double quotes, so just surround your variable with curly braces and you should be good to go.

"SELECT * FROM $wpdb->postmeta WHERE meta_key = '_wp_attachment_metadata' AND meta_value LIKE '%{$format}%'"
2012-04-05 16:44
by SenorAmor


0

Before passing the variable do this

$format = '%' . $format . '%';
now simply put it in the query.

$results = $wpdb->get_results("SELECT * FROM $wpdb->postmeta WHERE meta_key = '_wp_attachment_metadata' AND meta_value LIKE '$format'");
2012-04-06 12:28
by Muhammad Raheel


0

You already got the answer. I can do it exactly like you want.

$results = $wpdb->get_results("SELECT * FROM $wpdb->postmeta WHERE meta_key = '_wp_attachment_metadata' AND meta_value LIKE '%$details%'");

Since the query is wrapped in double quotes, you dont need to escape anything.

2012-04-06 12:35
by Starx
Ads