Too true - this is why a page that I promised would only take a few minutes winds up taking all week.

But it makes steady employment for the QA team...

Frank

On 2/24/04 10:37 AM, "Andy Armstrong" <andy@xxxxxxxxxx> wrote:

> Frank Flynn wrote:
>
>> And if you'd like to make wild carding optional keep your code the way it
>> is:
>>
>> $query .= " AND `model` LIKE '".$_GET['search']."'";
>>
>> And put a comment on the web page "Use the % for wild cards".
>>
>> The thing about:
>> $query .= " AND `model` LIKE '%".$_GET['search']."%'";
>>
>> Is it will return many results if $_GET['search'] is very small like one
>> letter.
>
> And bear in mind that there could be a nasty SQL injection problem
> with that code if $_GET['search'] hasn't been SQL escaped in some way.

--
Frank Flynn
Poet, Artist & Mystic
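
An added example, not part of the original thread: the same `model` LIKE search with the search term bound as a parameter, covering both the optional-wildcard variant and the substring variant discussed above. It assumes PDO with an in-memory SQLite database so it runs stand-alone; the `products` table, the sample rows, the helper names and the `!` escape character are all choices made for this example.

```php
<?php
// Added example, not from the original thread. Table name `products` and the
// sample rows are constructed; only the `model` column comes from the thread.

function likeEscape(string $s): string
{
    // '!' is the escape character declared in the ESCAPE clause below.
    return strtr($s, ['!' => '!!', '%' => '!%', '_' => '!_']);
}

function searchModels(PDO $pdo, string $search, bool $userWildcards): array
{
    // Optional wildcards: the user's % and _ keep their LIKE meaning.
    // Otherwise they are escaped and the term is matched as a substring.
    $pattern = $userWildcards ? $search : '%' . likeEscape($search) . '%';

    // The value travels as a bound parameter, so quotes in it cannot
    // terminate the string literal and change the statement.
    $stmt = $pdo->prepare(
        "SELECT `model` FROM `products` WHERE `model` LIKE ? ESCAPE '!' ORDER BY `model`"
    );
    $stmt->execute([$pattern]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE `products` (`model` TEXT)');
$insert = $pdo->prepare('INSERT INTO `products` (`model`) VALUES (?)');
foreach (['A100', 'A200', 'B_50', 'BX50', "O'Neil 7"] as $m) {
    $insert->execute([$m]);
}

// Constructed inputs: a wildcard search, a literal underscore, a quote,
// and a string that would rewrite the concatenated query.
var_dump(searchModels($pdo, 'A%', true));
var_dump(searchModels($pdo, 'B_5', false));
var_dump(searchModels($pdo, "O'Neil", false));
var_dump(searchModels($pdo, "' OR '1'='1", false));
```

With the term bound this way, the last search is compared against `model` as plain text, and the escaped underscore in the second search matches only a literal `_`.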