Silex repository SQL escaping single quote issue

Question

Maybe a noob question but I have to ask...

This is the query I need:

select title from internships where title like '% someParameter %'

I have to use this in my Repository in my Silex project, so I wrote a function in my repo:

public function getTitleQuery($title) {
    return $this->db->fetchAll('select title from internships where title like \'% ? %\' ', array($title));
}

When I escape the single quotes like \' php sees the question mark as a question mark and not as a parameter.

what if you change the outer quotes to double quotes so you dont need to escape the inner quotes? ej change `'select title from internships where title like \'% ? %\' '` to `"select title from internships where title like '% ? %' "` — Juan Antonio Orozco, May 17 '13 at 23:32
It hase the same effect, the question mark remains just a question mark and not a sign for a parameter. — kekovski, May 17 '13 at 23:39
try this, `'select title from internships where title like ?'` and in the array section put `array("%{$title}%")` as seen in http://stackoverflow.com/questions/583336/how-do-i-create-a-pdo-parameterized-query-with-a-like-statement — Juan Antonio Orozco, May 17 '13 at 23:54
letme put it in an answer so it does not afect your acept rate — Juan Antonio Orozco, May 18 '13 at 00:09

score 4 · Accepted Answer · edited May 23 '17 at 11:59

4

try this in the sql:

'select title from internships where title like ?'

and in the array section put

array("%{$title}%")

edited May 23 '17 at 11:59

Community

answered May 18 '13 at 00:10

1 Answers1