Using php variables in Sql

Question

i have a form that is used to set a search term to a php variable VIA _GET so for example if the user typed cat the url would say ?search=cat

Here is the PHP variable that will be used in the SQL query

$search = 'CustomerAccountName LIKE &#39;%'  . $_GET['search'] . '%&#39;';

When echoed this produces CustomerAccountName LIKE '%cat%' which is valid and works when using the query editor however when i try to place the $search variable in to the query in php i get this error

Warning: odbc_exec(): SQL error: [Microsoft][ODBC SQL Server Driver][SQL Server]Incorrect
 syntax near '&amp;'., SQL state 37000 in SQLExecDirect

any help would be much appreciated

Bobby tables is salivating by just looking at this

Elias Van Ootegem
– Elias Van Ootegem

2014-10-20 10:18:58 +00:00
Commented Oct 20, 2014 at 10:18 — Elias Van Ootegem
– Elias Van Ootegem, Commented Oct 20, 2014 at 10:18

Community · Accepted Answer · 2017-05-23 12:27:21Z

2

Just use plain single quotes.

$search = "CustomerAccountName LIKE '%".$_GET['search']."%';";

But don't build your query like this. Sanitize it before to prevent SQL injection.

edited May 23, 2017 at 12:27

CommunityBot

11 silver badge

answered Oct 20, 2014 at 10:18

Francois

11k9 gold badges53 silver badges81 bronze badges

Sign up to request clarification or add additional context in comments.

Comments

trzyeM- · Accepted Answer · 2014-10-20 10:20:30Z

0

$search = "CustomerAccountName LIKE '%"  . $_GET['search'] . "%' ";

answered Oct 20, 2014 at 10:20

trzyeM-

9638 silver badges10 bronze badges

Collectives™ on Stack Overflow

Using php variables in Sql

2 Answers 2

Comments

Comments

Your Answer

Linked

Hot Network Questions

Collectives™ on Stack Overflow

2 Answers 2

Comments

Comments

Your Answer

Sign up or log in

Post as a guest

Linked

Related