I'm trying to execute the following query but the placeholder doesn't get replaced with its value. Can someone suggest a fix, please?
$db->query("SELECT * FROM titles WHERE title ILIKE '%%s%' ORDER BY title", $_POST['query']);
Since % is used in placeholders, %% is used to escape a bare %. In your case you'll need to run it as:
$db->query("SELECT * FROM titles WHERE title ILIKE '%%%s%%' ORDER BY title", $_POST['query']);
Thanks for the fast reply but it's no different than the previous query. It also returns all rows from the table.
Debug info:
[sql:fResult:private] => SELECT * FROM titles WHERE title ILIKE '%%%s%%' ORDER BY title
Sorry, my bad, that isn't how we should be escaping a LIKE value. Escaping a string puts quotes around it, so you need the % in the value.
$db->query("SELECT * FROM titles WHERE title ILIKE %s ORDER BY title", '%' . $_POST['query'] . '%');
Thanks, that works.
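The pattern the accepted fix arrives at (put the wildcards in the bound value, never in the SQL text) is shown below as an added example that is not from the thread or from the library the poster is using. It assumes PDO against PostgreSQL (the DSN, user and password are placeholders) and the `titles` table with a `title` column from the thread. It goes one step further than the thread: it also escapes `%`, `_` and the escape character inside the user's search term, so a term like `100%` matches titles containing `100%` rather than everything starting with `100`.

```php
<?php
// Added example (not the thread's code): binding a user-supplied search term
// to an ILIKE pattern with PDO. Connection details are placeholders.

/**
 * Build a "contains" pattern for LIKE/ILIKE from a raw search term.
 * The wildcard characters the user typed (% and _) and the escape character
 * itself are escaped so they match literally instead of acting as wildcards.
 */
function containsPattern(string $term, string $escape = '\\'): string
{
    $escaped = str_replace(
        [$escape, '%', '_'],
        [$escape . $escape, $escape . '%', $escape . '_'],
        $term
    );
    return '%' . $escaped . '%';
}

/**
 * Run the search. The SQL text contains no user input at all; the complete
 * pattern (wildcards included) travels as a bound parameter, which is what the
 * thread's final answer does with '%' . $_POST['query'] . '%'.
 */
function searchTitles(PDO $pdo, string $term): array
{
    // "\\" in a PHP double-quoted string is one backslash, so the SQL reads
    // ESCAPE '\' and tells PostgreSQL which character escapes a literal % or _.
    $stmt = $pdo->prepare(
        "SELECT title FROM titles WHERE title ILIKE :pattern ESCAPE '\\' ORDER BY title"
    );
    $stmt->execute([':pattern' => containsPattern($term)]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// What the thread shows NOT to do: wildcards written into the SQL string
// around the placeholder, e.g. "... WHERE title ILIKE '%%%s%%' ...".
// The poster's debug output shows the placeholder left unsubstituted inside
// the quoted literal, and the query returned every row.

// Placeholder DSN and credentials (assumption, not from the thread).
$pdo = new PDO('pgsql:host=localhost;dbname=example', 'user', 'password');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

var_dump(containsPattern('100%'));   // string(7) "%100\%%"
var_dump(containsPattern('a_b'));    // string(6) "%a\_b%"
print_r(searchTitles($pdo, $_POST['query'] ?? ''));
```

Binding the whole pattern keeps the query parameterised, so a crafted `query` value cannot change the SQL. Escaping `%` and `_` in the term is a separate concern: without it, a user who submits a bare `%` gets every row (the very symptom in the thread), and a long run of `%` and `_` characters can turn an indexed search into a full scan, so treating the user's characters as literals is the safer default for a search box.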