Quick question: How do I mysqli_escape_string a variable enclosed in a like clause?
"SELECT * FROM table WHERE name LIKE '%". %s . "%'"
or
"SELECT * FROM table WHERE name like '%"."%s"."%'"
don't work.
Thanks!
$value = mysql_real_escape_string($_POST["terms"]);
$query = "SELECT * FROM table WHERE name LIKE '%".$value."%'";
Or you could acheive this with sprintf like this:
$query = sprintf("SELECT * FROM table WHERE name LIKE '%s'", "%".$value."%");