MySQL Query with variable wildcards

Question

If I execute my PHP code:

$serName = $_GET['username'];
// Code for sanitation here
// [...]
$sql = "SELECT NAME FROM PLAYERS WHERE NAME LIKE '%$serName%'";

I get division error, how do I use a variable in a query with wildcards on both sides?

You must sanitize your GET string before putting it at your query.. — Svetoslav
– Svetoslav, Commented Apr 7, 2013 at 16:12
@Svetlio Yes I have sanatized it, I have just left it like that so people won't be confused my my functions. — Ozair Patel
– Ozair Patel, Commented Apr 7, 2013 at 16:15

Ejaz · Accepted Answer · 2013-04-07 16:11:06Z

3

right query

SELECT NAME FROM PLAYERS WHERE NAME LIKE '%{$serName}%'

answered Apr 7, 2013 at 16:11

Ejaz

8,8723 gold badges38 silver badges52 bronze badges

Sign up to request clarification or add additional context in comments.

2 Comments

Why cannot he use PDO if he feels like it? (;

He certainly can :) I advised for prepared statements, not against PDO.

Amir · Accepted Answer · 2013-04-07 16:15:16Z

0

$sql = "SELECT NAME FROM PLAYERS WHERE NAME LIKE '%" .$serName. "%'";

answered Apr 7, 2013 at 16:15

Amir

4,1314 gold badges18 silver badges28 bronze badges