Using a query like this:
    $postdata = qa_db_read_one_assoc(
        qa_db_query_sub('
            SELECT userid, content FROM ^posts
            WHERE content LIKE "%'.$word.'%"'
        )
    );
will bring security issues.
I'd like to use the $ "placeholder" to insert the $word and have a secure query. But:
    $postdata = qa_db_read_one_assoc(
    qa_db_query_sub('
    SELECT userid, content FROM ^posts
    WHERE content LIKE $
    ), "%'.$word.'%"
    );
Does not work.
Is there any way to get the % into the query as part of the MySQL statement and still use the $ for qa_db_query_sub()?
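
The following is an added example, not part of the original post and not Question2Answer core code. It shows the wildcards being placed in the value bound to the `$` placeholder rather than in the SQL text, with LIKE metacharacters in the user's word escaped. `like_contains_pattern()` is a hypothetical helper name, the sample inputs are constructed, and the example assumes MySQL's default LIKE escape character (backslash).

```php
<?php
// Added example. like_contains_pattern() is a hypothetical helper,
// not a function provided by Question2Answer.

/**
 * Build a "contains" pattern for LIKE. The % wildcards belong to the
 * *value* bound to the $ placeholder, not to the SQL text. Backslash is
 * MySQL's default LIKE escape character, so any \, % or _ supplied by the
 * user is escaped and matches literally instead of acting as a wildcard.
 */
function like_contains_pattern(string $word): string
{
    return '%' . addcslashes($word, '\\%_') . '%';
}

// Constructed sample inputs: what ends up bound to the placeholder.
// Quote characters are left alone here; quoting and escaping of the bound
// value for the SQL string literal is done by qa_db_query_sub().
foreach (['hello', '100%', 'a_b', "x' OR '1'='1"] as $sample) {
    printf("%-16s => %s\n", $sample, like_contains_pattern($sample));
}

// Inside a Q2A plugin, where the qa_db_* functions are loaded:
if (function_exists('qa_db_query_sub')) {
    $word = 'hello'; // constructed; normally taken from user input

    $postdata = qa_db_read_one_assoc(
        qa_db_query_sub(
            // ^ is replaced with the table prefix, $ with the quoted argument
            'SELECT userid, content FROM ^posts WHERE content LIKE $',
            like_contains_pattern($word)
        ),
        true // allow an empty result rather than treating it as an error
    );
}
```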