[nycphp-talk] escaping % and _ in a MySQL query
Ophir Prusak
prusak at gmail.com
Sun Oct 31 08:37:42 EST 2004
Since you seem to be using MySQL, and are searching for textual data,
you might want to look into MySQL's fulltext search.
If you're doing LIKE searches, a fulltext search could be a better solution.
Could you give us some more details on the data people can search?
On Sat, 30 Oct 2004 23:35:01 -0400 (EDT), David Mintz
<dmintz at davidmintz.org> wrote:
>
> Suppose you have a form with a textfield for people to enter a string to
> search for in your database, and you don't want people using % or _ unless
> they mean it literally. This is kind of ugly:
>
> $input = preg_replace('/(%|_)/',"\\\\$1",$input);
> $input = mysql_escape_string($input);
>
> Is this more or less what you should do, or is there a classier solution
> that I'm overlooking?
>
> ---
> David Mintz
> http://davidmintz.org/
>
> $world =~ s|<bush[^>]*>.+</bush>||is;
> Oh yeah, I could also use help writing a regex to match strings like
> "<bush />" but I'm hoping it will be moot by Tuesday.
> _______________________________________________
> New York PHP Talk
> Supporting AMP Technology (Apache/MySQL/PHP)
> http://lists.nyphp.org/mailman/listinfo/talk
> http://www.newyorkphp.org
>
More information about the talk
mailing list