On mið, 2007-01-10 at 17:38 -0800, Mike Poe wrote: > I'm a rank newbie to Postgres & am having a hard time getting my arms > around this. > > I'm trying to construct a query to be run in a PHP script. I have an > HTML form were someone can enter either a last name or a social > security number & then query the database based on what they entered. > > My query looks like this: > > SELECT foo, baz, bar FROM public.table WHERE lastname ~* '$lastname' OR > ssn='$ssn'" > > I need to leave the last name a wildcard in case someone enters a > partial name, lower case / upper case, etc. note that you really should not be using values directly from user input for $lastname and $ssn without doing some sanity checks on them. consider for example the user submitting a string containing a quote character. most languages provide functions to make such input safe. gnari
