I have the following sql (a simplification of the real problem):
SELECT *
FROM t
WHERE myname LIKE '%{$input}%';
How do I escape the $input?
I can't use the quoteInto (unless I miss something).
As
$sql=$DB->quoteInto("SELECT *
FROM t
WHERE myname LIKE '%?%'",$input);
Will give me
SELECT *
FROM t
WHERE myname LIKE '%'my input'%';
and
$sql=$DB->quoteInto("SELECT *
FROM t
WHERE myname LIKE ?",'%'.$input.'%');
Will give me something on the lines:
SELECT *
FROM t
WHERE myname LIKE '\%my input\%';
The last option is works out well for me i've not experienced it escaping '%'. So $db->quote('%'.$_GET['query'].'%')
outputs %queryvalue%