Using 'LIKE' in sql WHERE clause...SOLVED (i think)

2 posts by 2 authors in: Forums > CMS Builder
Last Post: November 18, 2008 (RSS)

Archived
Reply
Reply

By rcrofoot - November 17, 2008

Hi Dave-

Disregard my last post about using the 'LIKE' clause...I discovered if I include

'allowSearch' => '0',, it works fine...

list($certificationsRecords, $certificationsMetaData) = getRecords(array(
'tableName' => 'certifications',
'orderBy' => 'model ASC',
'allowSearch' => '0',
'where' => "model like '%".$model."%'",
));

:-) Rick

Re: [rcrofoot] Using 'LIKE' in sql WHERE clause...SOLVED (i think)

Archived
Reply
Reply

By Dave - November 18, 2008

Hi Rick,

Glad you got it working. Some tricks for you. You can see what query CMS Builder is trying by adding this:

'debugSql' => true,

If you look at the "WHERE" part of the query it will sometimes give you clues as to what's going on, such as when the automatic searching features are kicking in when you don't want them to.

Next, be sure to escape user submitted values like this:

'where' => "model like '%".mysql_real_escape_string($model)."%'",

to prevent "SQL Injections Attacks". Read more details here: http://en.wikipedia.org/wiki/SQL_injection

Hope that helps!

Dave Edis - Senior Developer
interactivetools.com