[RESOLVED] Need Query String Help

schmelding

Here's my code:

$lookupq = sprintf("SELECT *
	FROM table_a,table_b,table_c
	WHERE table_b.given_name OR table_b.nickname OR table_c.fn LIKE '%%%s%%'
		AND things.cc=table_c.cc
		AND table_a.cc=table_b.cc
		AND table_b.fid=table_c.id
	GROUP BY table_b.uid ORDER BY table_b.given_name,table_c.fn,table_b.nickname DESC LIMIT 10",
	mysql_real_escape_string($_GET['q']));

This is the line I am having trouble with:

WHERE table_b.given_name OR table_b.nickname OR table_c.fn LIKE '%%%s%%'

It shows the intent that I am looking for, but no worky as expected. What is the proper way of doing this?

Thanks in advance!

dagon

WHERE table_b.given_name LIKE '%s%' OR table_b.nickname LIKE '%s%' OR table_c.fn LIKE '%s%'

schmelding

Hmm...no good. "Too few arguments" error. 🙁

dagon

fix the number of % or drop sprintf

schmelding

Erg. I'm sorry. I don't understand.

This works:

WHERE table_b.given_name LIKE '&#37;%%s%%'

This does not:

WHERE table_b.given_name LIKE '%s%'

Tried removing "sprintf()" but it broke'd. 🙁

Thanks again for your help!

dagon

use your bit that works but follow my example for the query syntax.

schmelding

Here's the code as it is now:

<?
	$lookupq = sprintf("SELECT *
			FROM table_a,table_b,table_c
			WHERE table_b.given_name LIKE '&#37;%%s%%' OR table_b.nickname LIKE '%%%s%%' OR table_c.fn LIKE '%%%s%%'
				AND table_a.cc='$cc'
				AND table_a.cc=table_c.cc
				AND table_a.cc=table_b.cc
				AND table_b.fid=table_c.id
			GROUP BY table_b.uid ORDER BY table_b.given_name,table_c.fn,table_b.nickname DESC LIMIT 10",
			mysql_real_escape_string($_GET['q']));
?>

It's doesn't matter if I use '%s%' or '%%%s%%'...neither one works.

Thanks again!

johanafm

You should stick with %%%s%% since %% means % when used in sprintf, and %s is the string placeholder.
However, if you have

sprintf('%s  .... %s', 'string');

... then you get "too few arguments", since you have two placeholders, requiring two string parameters, and you only provide one (mysql_real_escape_string($_GET['q'])).

So, either (one per %s)

mysql_real_escape_string($_GET['q']),
mysql_real_escape_string($_GET['q']),
mysql_real_escape_string($_GET['q']));

Or change your %%%s%% into %%%1$s%%, since they will then all reference the first placeholder parameter.

schmelding

Yay! That worked. Thanks, johanafm! 🙂