0

I run a query and get a syntax error, but to me it looks right.

Where is the error?

Thanks!

$str = "Moscow";
$data = $ci->crud_model->query(
    'select * from "Cities" where  "defaultName" ilike  %'.$str.'%'
);

The query is: select * from "Cities" where "defaultName" ilike %Moscow%

  • ilike? Is it a more personified version of the SQL like? Commented Sep 26, 2014 at 8:30
  • @CodeNewbie: Only PostgreSQL provides the keyword ILIKE, which can be used instead of LIKE to make the match case-insensitive according to the active locale. Commented Sep 26, 2014 at 8:46
  • @user2051503: See my answer, I have given an example of ILIKE. Hope you will understand. Commented Sep 26, 2014 at 8:51
  • It would be more useful if you actually included the text of the error the question refers to. Always do this. Commented Sep 26, 2014 at 8:58
  • Also, read stackoverflow.com/q/5857386/398670 and php.net/manual/en/security.database.sql-injection.php Commented Sep 26, 2014 at 8:59

3 Answers

3

The LIKE/ILIKE operator takes two strings as its arguments. That is, the pattern has to be a quoted string, not just directly in the SQL query.

So instead of:

"defaultName" ilike %Moscow%

You need:

"defaultName" ilike '%Moscow%'

In PHP, you should be (at the very least) escaping the input to avoid SQL Injection. Probably CodeIgniter has facilities for escaping, or using parameterised queries, but at the very least you should do this:

$str = "Moscow";
$data = $ci->crud_model->query(
    'select * from "Cities" where  "defaultName" ilike  \'%'.pg_escape_string($str).'%\''
);

EDIT Per Craig Ringer's comment, the correct ways to escape or build safe queries with CodeIgniter are covered in this answer.

This is probably the simplest (note that the query parameter is automatically a string, and doesn't need extra quotes):

$str = "Moscow";
$data = $ci->crud_model->query(
    'select * from "Cities" where  "defaultName" ilike ?',
    array('%' . $str . '%')
);
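
An added example, not part of the answer above or of CodeIgniter: binding the pattern as a parameter stops SQL injection, but `%` and `_` inside the user's value still act as LIKE/ILIKE wildcards, so this goes one step further and escapes them before binding. It assumes PDO with an in-memory SQLite database so that it runs offline, with LIKE standing in for ILIKE; `like_escape` and `search_cities` are hypothetical helper names and the rows are constructed sample data.

```php
<?php
// Added example; SQLite in memory stands in for PostgreSQL (assumption).
// On PostgreSQL the same pattern and ESCAPE clause apply to ILIKE.

/** Escape LIKE metacharacters so the user's text is matched literally. */
function like_escape(string $input, string $esc = '\\'): string
{
    // Escape the escape character first, then the two wildcards.
    return str_replace(
        [$esc, '%', '_'],
        [$esc . $esc, $esc . '%', $esc . '_'],
        $input
    );
}

/** "Contains" search; the user value only ever travels as a bound parameter. */
function search_cities(PDO $db, string $term, bool $escape): array
{
    $pattern = '%' . ($escape ? like_escape($term) : $term) . '%';
    // The PHP literal below yields the SQL text: ... LIKE ? ESCAPE '\'
    $stmt = $db->prepare(
        'SELECT "defaultName" FROM "Cities" WHERE "defaultName" LIKE ? ESCAPE \'\\\''
    );
    $stmt->execute([$pattern]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE "Cities" ("defaultName" TEXT)');
$ins = $db->prepare('INSERT INTO "Cities" VALUES (?)');
// Constructed sample rows.
foreach (['Moscow', 'Moscow_Oblast', '100% Test City', "O'Fallon"] as $name) {
    $ins->execute([$name]);
}

// Constructed inputs: a normal term, a quote, and the two LIKE wildcards.
foreach (['mosc', "O'Fa", '%', '_'] as $term) {
    printf(
        "%-8s raw: %d row(s), escaped: %d row(s)\n",
        var_export($term, true),
        count(search_cities($db, $term, false)),
        count(search_cities($db, $term, true))
    );
}
```

With the raw pattern, an input of `%` or `_` matches every row; with the escaped pattern it matches only names that contain that character.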

1

You need to surround %moscow% with quotes:

select * from "Cities" where "defaultName" ilike '%Moscow%'

1 Comment

Thanks! Your post is very helpful for me! My solution is $data = $ci->crud_model->query("select * from \"Cities\" where \"defaultName\" ilike' %$str%'");
-1

The keyword ILIKE can be used instead of LIKE to make the match case-insensitive according to the active locale. This is not in the SQL standard. Make it LIKE in place of ilike.

$str = "Moscow";
$data = $ci->crud_model->query('select * from Cities where defaultName LIKE  %$str%');

Then your query will be:

select * from Cities where defaultName LIKE '%Moscow%';

For ILIKE: Example -

SELECT first_name,last_name FROM customer WHERE first_name ILIKE 'BAR%';

Here it will return rows as per this condition:

The BAR% pattern matches any string that begins with BAR, Bar, BaR, etc. If you use the LIKE operator instead, the query will not return any row. Reference: http://www.postgresqltutorial.com/postgresql-like/

2 Comments

What error do you see? Did you run that query in the database, and what error is it showing?
ERROR: syntax error at or near "%" LINE 1: select * from "Cities" where "defaultName" LIKE %Moscow%
