php mysql query - output value of variable in the query

Question

I have the following mysql query in php:

$results = $wpdb->get_results("SELECT * FROM $wpdb->postmeta WHERE meta_key = '_wp_attachment_metadata' AND meta_value LIKE '%details%'");

However I want the query to be dynamic by changing the LIKE section of the query. Instead of:

LIKE '%details%'

I want to put a variable in there:

LIKE '% $format %'

where $format is a string.

Everything I have tried thus far has failed.

Whats the proper way to do this?

There are plenty of ways of doing this, but the right way is to use parameterized queries. Remember little Bobby Tables... http://xkcd.com/327/ — Ed Manet, Apr 05 '12 at 17:38
Here's a great question on topic: http://stackoverflow.com/questions/60174/best-way-to-stop-sql-injection-in-php — Ed Manet, Apr 05 '12 at 17:39

score 0 · Answer 1 · answered Apr 05 '12 at 16:40

0

Try wrapping in braces:

LIKE '%{$format}%'

answered Apr 05 '12 at 16:40

Kasapo

5,294
1
19
21

score 0 · Answer 2 · answered Apr 05 '12 at 16:40

Since you are using double quotes you could simply do:

$results = $wpdb->get_results("SELECT * FROM $wpdb->postmeta WHERE meta_key = '_wp_attachment_metadata' AND meta_value LIKE '%$format%'");

Or simply concatenate the string:

$results = $wpdb->get_results("SELECT * FROM $wpdb->postmeta WHERE meta_key = '_wp_attachment_metadata' AND meta_value LIKE '%" . $format . "%'");

score 0 · Answer 3 · answered Apr 05 '12 at 16:44

0

Your string is already in double quotes, so just surround your variable with curly braces and you should be good to go.

"SELECT * FROM $wpdb->postmeta WHERE meta_key = '_wp_attachment_metadata' AND meta_value LIKE '%{$format}%'"

answered Apr 05 '12 at 16:44

SenorAmor

3,351
16
27

score 0 · Answer 4 · answered Apr 06 '12 at 12:28

0

Before passing the variable do this

$format = '%' . $format . '%';
now simply put it in the query.

$results = $wpdb->get_results("SELECT * FROM $wpdb->postmeta WHERE meta_key = '_wp_attachment_metadata' AND meta_value LIKE '$format'");

answered Apr 06 '12 at 12:28

Muhammad Raheel

19,823
7
67
103

score 0 · Answer 5 · answered Apr 06 '12 at 12:35

You already got the answer. I can do it exactly like you want.

$results = $wpdb->get_results("SELECT * FROM $wpdb->postmeta WHERE meta_key = '_wp_attachment_metadata' AND meta_value LIKE '%$details%'");

_{Since the query is wrapped in double quotes, you dont need to escape anything.}

php mysql query - output value of variable in the query

5 Answers5