I have this code ( just some part of it) :
<?php
if(isset($_GET['act']) && $_GET['act']== 'do') {
$key= $_POST['key'];
}
else {
$key= '';
}
?>
<input class='inputField' type='text' name='key' size=45 value='<?php echo $key;?>' >
<script>$(document).ready(function(){
key= $("#mainTop input").val();
if(key!= null || key== '%') {
showPage(1,key);
}
else {
showPage(1);
}
});
</script>
The showpage() will get parameter and pass to php file :
if(isset($_GET['key'])) {
$key= addslashes($_GET['key']);
}
else {
$key= null;
}
$result= $db->query("SELECT * FROM information WHERE stuId LIKE '%$key%' OR stuName LIKE '%$key%' LIMIT $start,10");
The php file will get the key to search. I escape the key by addslashes,the do the mysql query to search. But if I search with key = % # _ +,it still print our all the table instead there are no matching result. I guess that I did not escape the key in right way,so how do I escape character such as % # _ + to do mysql query with LIKE ? Please help me out ? I had a look at some another question but I still dont get it
