Reputation: 55
Currently I've been using this:
SELECT * FROM `meow` WHERE profile LIKE '%$username%'
But the problem I'm facing is that if someone puts the letter 'a', it will pull everything that contains 'a', and that's a bit of a security risk on my end. How do I search just 1 column to see if it matches $username exactly, not the whole table?
Upvotes: 1
Views: 61
Reputation: 9010
Stop using string concatenation to build your query. It's evil. Instead use mysqli or pdo and use prepared statements.
$pdo = new PDO('mysql:host=localhost;dbname=yourdb', 'your_username', 'your_password');
$stmt = $pdo->prepare("SELECT * FROM `meow` WHERE profile = ?");
$stmt->execute(array($username));
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
Also, use equality instead of LIKE if you wish to check for exact matches.
Upvotes: 1
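To see the difference between the query shapes discussed on this page, here is an added example (not code from any of the posts). It assumes an in-memory SQLite database in place of MySQL so it runs offline; the sample rows, the inputs and the helper names findConcat and findPrepared are constructed for illustration.

```php
<?php
// Added example. SQLite in memory stands in for MySQL (assumption) so the
// script runs offline; table `meow` and column `profile` are from the question.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE meow (id INTEGER PRIMARY KEY, profile TEXT)');
$ins = $pdo->prepare('INSERT INTO meow (profile) VALUES (?)');
foreach (['alice', 'bob', 'carla'] as $name) {   // constructed sample rows
    $ins->execute([$name]);
}

// Hypothetical helper: builds the SQL by string interpolation.
// $op is 'LIKE' (wrapped in % wildcards, as in the question) or '='.
function findConcat(PDO $pdo, string $username, string $op): array
{
    $value = $op === 'LIKE' ? "%$username%" : $username;
    $sql = "SELECT profile FROM meow WHERE profile $op '$value'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hypothetical helper: prepared statement with equality. The input is bound
// as data, so quotes inside it cannot change the structure of the query.
function findPrepared(PDO $pdo, string $username): array
{
    $stmt = $pdo->prepare('SELECT profile FROM meow WHERE profile = ?');
    $stmt->execute([$username]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: a single letter, an exact name, and a value that
// contains quote characters.
$inputs = ['a', 'alice', "x' OR '1'='1"];
foreach ($inputs as $in) {
    printf("input: %s\n", $in);
    printf("  concatenated LIKE : [%s]\n",
        implode(', ', findConcat($pdo, $in, 'LIKE')));
    printf("  concatenated =    : [%s]\n",
        implode(', ', findConcat($pdo, $in, '=')));
    printf("  prepared =        : [%s]\n",
        implode(', ', findPrepared($pdo, $in)));
}
```

The prepared query returns a row only when the whole column value equals the input, while the concatenated equality query returns every row for the third input because the quotes in it become part of the SQL.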
Reputation: 31739
Try with -
"SELECT * FROM `meow` WHERE profile LIKE '$username'"
for exact match.
Upvotes: 0
Reputation: 179
Instead of using like, use equal to.
Try this:
SELECT * FROM meow WHERE profile = '$username'
Upvotes: 0
Reputation: 311163
For exact string matching you should use the = operator instead of the like operator:
SELECT * FROM `meow` WHERE profile = '$username'
Upvotes: 2