Rather new to php, so sorry if this seems stupid. I'm really copying a lot of this from previously written code from other developers at my company.
The way we run a query is basically like this:
$qry = new SQLQuery;
$sqlString = "SELECT * FROM database.table WHERE table.text = '" . $textVar . "' and table.text2 = '" . $text2Var . "'";
$qry->prepare(String::Condense($sqlString));
$qry->execute();
The problem I'm having is that $textVar or $text2Var may legitimately have question marks (?) in them as part of their text; this is causing the SQLQuery class to break, treating the question mark as a variable I'm not passing it.
So how can I instruct the SQLQuery class to ignore question marks?
p.s. I'm sure there's terminology for a lot of this that I don't know, please keep that in mind when giving me an answer.
You want your prepared statement $sqlString to have ? where you are putting $textVar and $text2Var, and then you need to bind those to the statement.
It's treating them as placeholders because they look like placeholders when you prepare your SQL.
So:
$sqlString = "SELECT * FROM database.table WHERE table.text = ? and table.text2 = ?";
You should take a look at MySQL Prepared Statements and familiarize yourself with how they work and what benefits they provide.
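The answer above in runnable form, as an added example that is not part of the original question or answer. The SQLQuery class and String::Condense helper from the question are company-internal and their API is not shown, so this example uses PDO instead and assumes the in-house class wraps the same prepare/bind/execute flow; the table and rows are constructed sample data in an in-memory SQLite database so the script runs offline.

```php
<?php
// Added example (not the original post's code): the query from the question
// rewritten as a prepared statement with placeholders, so that a '?' inside
// the data is never parsed as a parameter marker.

// Constructed sample data: in-memory SQLite so this runs without a server.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE t (id INTEGER PRIMARY KEY, text TEXT, text2 TEXT)');
$pdo->exec("INSERT INTO t (text, text2) VALUES ('Is this ok?', 'yes'), ('plain', 'no')");

// Search values that legitimately contain a question mark.
$textVar  = 'Is this ok?';
$text2Var = 'yes';

// (1) The pattern from the question: values concatenated into the SQL text.
// The '?' from $textVar now sits inside the statement text itself, which is
// why a wrapper that scans the string for markers counts it as an unbound
// parameter. It also means any quote character in the data becomes part of
// the SQL, which is how SQL injection happens.
$concatenated = "SELECT * FROM t WHERE text = '" . $textVar
    . "' AND text2 = '" . $text2Var . "'";
echo "Question marks in the concatenated SQL text: "
    . substr_count($concatenated, '?') . PHP_EOL;

// (2) The fix from the answer: the SQL text carries only placeholders and the
// values are bound separately. The statement text is constant, so the number
// of markers is always exactly two, whatever the data contains.
function findRows(PDO $pdo, string $text, string $text2): array
{
    $sql  = 'SELECT id, text, text2 FROM t WHERE text = ? AND text2 = ?';
    $stmt = $pdo->prepare($sql);
    // Positional binding: the first '?' receives $text, the second $text2.
    // A '?' inside a bound value is just a character in the value.
    $stmt->execute([$text, $text2]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$rows = findRows($pdo, $textVar, $text2Var);
foreach ($rows as $row) {
    echo "Matched row {$row['id']}: {$row['text']} / {$row['text2']}" . PHP_EOL;
}
```

With the PDO MySQL driver the same code applies; setting `PDO::ATTR_EMULATE_PREPARES` to `false` makes the driver send the statement text and the bound values to the server separately rather than interpolating them client-side, which is the behaviour the answer's link to MySQL prepared statements describes.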