将php处理程序附加到MySQL this的正确语法是什么？

Question

Hey there I have this snippet and I am having trouble deducing the correct syntax for it. It is helping me search my DB and I cannot seem to get it. Any help is appreciated. Thanks!

Here is the snippet its a PHP portion searching my MySQL DB

$query = mysql_query("SELECT e.event_name, v.venue_name FROM tie_in.events e LEFT JOIN tie_in.venues v ON v.venue_id = e.venue_id WHERE e.event_name = '%.$uniqueId.%' OR v.venue_name = '%.$uniqueId.%' ORDER BY e.event_time");

There area that I am having trouble with is the wrapping of the $uniqueId handler. How would I wrap this properly with parentheses etc to have the proper syntax to complete the function?

Thanks!

Answer 1

Pattern matches with % wildcards need to use LIKE , not = .

You can interpolate PHP variables inside strings by enclosing them in curly braces.

... WHERE e.event_name LIKE '%{$uniqueId}%' OR v.venue_name LIKE '%{$uniqueId}%' ...

Be careful that $uniqueId is a safe variable to use in SQL. You don't want to introduce SQL injection vulnerabilities.

Also, for what it's worth, the mysql_* functions are deprecated , and will be removed from PHP in some future version. So I recommend you use PDO instead, unless you have to use mysql_* because you have a lot of legacy code.

Answer 2

Either remove the % since wildcards are not supported when you use =

$query = mysql_query("SELECT e.event_name, v.venue_name FROM tie_in.events e LEFT JOIN tie_in.venues v ON v.venue_id = e.venue_id WHERE e.event_name = '$uniqueId' OR v.venue_name = '$uniqueId' ORDER BY e.event_time");

Or use LIKE instead of =

$query = mysql_query("SELECT e.event_name, v.venue_name FROM tie_in.events e LEFT JOIN tie_in.venues v ON v.venue_id = e.venue_id WHERE e.event_name LIKE '%".$uniqueId."%' OR v.venue_name = '%".$uniqueId."%' ORDER BY e.event_time");