Matching “curly” quotes against standard quotes in DB query












5















I have text stored in post_title column:



you’re


Using this query:



function ma_post_title_filter($where, &$wp_query) {

    global $wpdb;

    if ( $search_term = $wp_query->get( 'ma_search_post_title' ) ) {

        $search_term = sanitize_text_field($search_term);

        $where .= ' AND ' . $wpdb->posts . '.post_title LIKE '%' . $wpdb->esc_like( $search_term ) . '%'';

    }

    return $where;

}


If $search_term is you’re, it works and finds the column. But when it is you're, it does not work (because it is a different single quotation mark).



How can I improve the query so both you’re and you're matches with you’re?



What I've tried so far




  1. Use str_replace() on $search_term to replace ' with . Example: str_replace(''','’',$wpdb->esc_like( $search_term ))... the problem with this approach is that we will never match if the stored column is you're.

  2. Do AND REPLACE on '.$wpdb->posts.'.post_title to replace ' with ... but doesn't seem to work.


I'm aware the ideal solution is to adjust all the database instances of the single quotation to a standard one but this is not possible in my case.



What's the proper solution to this?






php mysql sql wordpress







share|improve this question




















  • 5





    The What I've tried so far section is lovely. Should be standard here. +1

    – Gary Woods
    Nov 21 '18 at 14:45











  • Probs not suitable as you don't know if that's the search term every time, so I deleted the comment ;)

    – Dammeul
    Nov 21 '18 at 14:48











  • Did you try to replace with ' since your pattern is '.post_title LIKE '%'?

    – forpas
    Nov 21 '18 at 14:55











  • @forpas Replacing it when exactly? Please see my two example approaches and notes about why it did not work. Thanks.

    – Henrik Petterson
    Nov 21 '18 at 14:56











  • Your pattern is this: '.post_title LIKE '%' meaning you're trying to match with ', right? So you apply str_replace('’', ''', $search_term).

    – forpas
    Nov 21 '18 at 15:07


















5















I have text stored in post_title column:



you’re


Using this query:



function ma_post_title_filter($where, &$wp_query) {

    global $wpdb;

    if ( $search_term = $wp_query->get( 'ma_search_post_title' ) ) {

        $search_term = sanitize_text_field($search_term);

        $where .= ' AND ' . $wpdb->posts . '.post_title LIKE '%' . $wpdb->esc_like( $search_term ) . '%'';

    }

    return $where;

}


If $search_term is you’re, it works and finds the column. But when it is you're, it does not work (because it is a different single quotation mark).



How can I improve the query so both you’re and you're matches with you’re?



What I've tried so far




  1. Use str_replace() on $search_term to replace ' with . Example: str_replace(''','’',$wpdb->esc_like( $search_term ))... the problem with this approach is that we will never match if the stored column is you're.

  2. Do AND REPLACE on '.$wpdb->posts.'.post_title to replace ' with ... but doesn't seem to work.


I'm aware the ideal solution is to adjust all the database instances of the single quotation to a standard one but this is not possible in my case.



What's the proper solution to this?






php mysql sql wordpress







share|improve this question




















  • 5





    The What I've tried so far section is lovely. Should be standard here. +1

    – Gary Woods
    Nov 21 '18 at 14:45











  • Probs not suitable as you don't know if that's the search term every time, so I deleted the comment ;)

    – Dammeul
    Nov 21 '18 at 14:48











  • Did you try to replace with ' since your pattern is '.post_title LIKE '%'?

    – forpas
    Nov 21 '18 at 14:55











  • @forpas Replacing it when exactly? Please see my two example approaches and notes about why it did not work. Thanks.

    – Henrik Petterson
    Nov 21 '18 at 14:56











  • Your pattern is this: '.post_title LIKE '%' meaning you're trying to match with ', right? So you apply str_replace('’', ''', $search_term).

    – forpas
    Nov 21 '18 at 15:07
















5












5








5


3






I have text stored in post_title column:



you’re


Using this query:



function ma_post_title_filter($where, &$wp_query) {

    global $wpdb;

    if ( $search_term = $wp_query->get( 'ma_search_post_title' ) ) {

        $search_term = sanitize_text_field($search_term);

        $where .= ' AND ' . $wpdb->posts . '.post_title LIKE '%' . $wpdb->esc_like( $search_term ) . '%'';

    }

    return $where;

}


If $search_term is you’re, it works and finds the column. But when it is you're, it does not work (because it is a different single quotation mark).



How can I improve the query so both you’re and you're matches with you’re?



What I've tried so far




  1. Use str_replace() on $search_term to replace ' with . Example: str_replace(''','’',$wpdb->esc_like( $search_term ))... the problem with this approach is that we will never match if the stored column is you're.

  2. Do AND REPLACE on '.$wpdb->posts.'.post_title to replace ' with ... but doesn't seem to work.


I'm aware the ideal solution is to adjust all the database instances of the single quotation to a standard one but this is not possible in my case.



What's the proper solution to this?






php mysql sql wordpress







share|improve this question
















I have text stored in post_title column:



you’re


Using this query:



function ma_post_title_filter($where, &$wp_query) {

    global $wpdb;

    if ( $search_term = $wp_query->get( 'ma_search_post_title' ) ) {

        $search_term = sanitize_text_field($search_term);

        $where .= ' AND ' . $wpdb->posts . '.post_title LIKE '%' . $wpdb->esc_like( $search_term ) . '%'';

    }

    return $where;

}


If $search_term is you’re, it works and finds the column. But when it is you're, it does not work (because it is a different single quotation mark).



How can I improve the query so both you’re and you're matches with you’re?



What I've tried so far




  1. Use str_replace() on $search_term to replace ' with . Example: str_replace(''','’',$wpdb->esc_like( $search_term ))... the problem with this approach is that we will never match if the stored column is you're.

  2. Do AND REPLACE on '.$wpdb->posts.'.post_title to replace ' with ... but doesn't seem to work.


I'm aware the ideal solution is to adjust all the database instances of the single quotation to a standard one but this is not possible in my case.



What's the proper solution to this?






php mysql sql wordpress




php mysql sql wordpress






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Nov 22 '18 at 10:52







Henrik Petterson

















asked Nov 21 '18 at 14:44









Henrik PettersonHenrik Petterson

1,0331341105




1,0331341105








  • 5





    The What I've tried so far section is lovely. Should be standard here. +1

    – Gary Woods
    Nov 21 '18 at 14:45











  • Probs not suitable as you don't know if that's the search term every time, so I deleted the comment ;)

    – Dammeul
    Nov 21 '18 at 14:48











  • Did you try to replace with ' since your pattern is '.post_title LIKE '%'?

    – forpas
    Nov 21 '18 at 14:55











  • @forpas Replacing it when exactly? Please see my two example approaches and notes about why it did not work. Thanks.

    – Henrik Petterson
    Nov 21 '18 at 14:56











  • Your pattern is this: '.post_title LIKE '%' meaning you're trying to match with ', right? So you apply str_replace('’', ''', $search_term).

    – forpas
    Nov 21 '18 at 15:07
















  • 5





    The What I've tried so far section is lovely. Should be standard here. +1

    – Gary Woods
    Nov 21 '18 at 14:45











  • Probs not suitable as you don't know if that's the search term every time, so I deleted the comment ;)

    – Dammeul
    Nov 21 '18 at 14:48











  • Did you try to replace with ' since your pattern is '.post_title LIKE '%'?

    – forpas
    Nov 21 '18 at 14:55











  • @forpas Replacing it when exactly? Please see my two example approaches and notes about why it did not work. Thanks.

    – Henrik Petterson
    Nov 21 '18 at 14:56











  • Your pattern is this: '.post_title LIKE '%' meaning you're trying to match with ', right? So you apply str_replace('’', ''', $search_term).

    – forpas
    Nov 21 '18 at 15:07










5




5





The What I've tried so far section is lovely. Should be standard here. +1

– Gary Woods
Nov 21 '18 at 14:45





The What I've tried so far section is lovely. Should be standard here. +1

– Gary Woods
Nov 21 '18 at 14:45













Probs not suitable as you don't know if that's the search term every time, so I deleted the comment ;)

– Dammeul
Nov 21 '18 at 14:48





Probs not suitable as you don't know if that's the search term every time, so I deleted the comment ;)

– Dammeul
Nov 21 '18 at 14:48













Did you try to replace with ' since your pattern is '.post_title LIKE '%'?

– forpas
Nov 21 '18 at 14:55





Did you try to replace with ' since your pattern is '.post_title LIKE '%'?

– forpas
Nov 21 '18 at 14:55













@forpas Replacing it when exactly? Please see my two example approaches and notes about why it did not work. Thanks.

– Henrik Petterson
Nov 21 '18 at 14:56





@forpas Replacing it when exactly? Please see my two example approaches and notes about why it did not work. Thanks.

– Henrik Petterson
Nov 21 '18 at 14:56













Your pattern is this: '.post_title LIKE '%' meaning you're trying to match with ', right? So you apply str_replace('’', ''', $search_term).

– forpas
Nov 21 '18 at 15:07







Your pattern is this: '.post_title LIKE '%' meaning you're trying to match with ', right? So you apply str_replace('’', ''', $search_term).

– forpas
Nov 21 '18 at 15:07














3 Answers
3






active

oldest

votes


















2














I wanted to point out that % is not the only placeholder that can be used in LIKE queries. You can use the underscore _ to indicate a single character as well. One approach could be to replace every punctuation character in a certain class with an underscore. This would allow "you're" to match "you’re" and vice-versa. (Granted, it would also allow "youvre" to match as well!)



<?php

function ma_post_title_filter($where, &$wp_query) {

    global $wpdb;

    $punct = ["’", "‘", "”", "“"];

    if ( $search_term = $wp_query->get( 'ma_search_post_title' ) ) {

        // escape any % or _ characters

        $search_term = $wpdb->esc_like($search_term);

        // replace desired punctuation characters with _

        $search_term = str_replace($punct, "_", $search_term);

        // do final escaping for safe queries

        $search_term = $wpdb->_real_escape($search_term);

        // this looks much neater with string interpolation vs concatenation

        $where .= " AND $wpdb->posts.post_title LIKE '%$search_term%'";

    }

    return $where;

}


You should, when passing values to a LIKE clause, use wpdb::esc_like() to ensure any user-supplied percent signs or underscores don't get in the way of things. sanitize_text_field() is meant to be used before output to HTML, and does nothing to make text safe for a database query. That's what wpdb::_real_escape() is for.






share|improve this answer





















  • 1





    Thank you for the excellent approach, but it is not working. Is there a typo in $where? Here is an example code you can use to test this. I feel the issue is likely a typo as the code itself is very logic!

    – Henrik Petterson
    Nov 22 '18 at 10:42











  • Removing the $wpdb->real_escape($search_term); part seem to at least allow the code to run. But $string_term = "you're";is still not matching with a post with title you’re.

    – Henrik Petterson
    Nov 22 '18 at 10:51











  • I don’t have a way to test this but I’d suggest printing out $search_term at various points through the code, and doing the same to see what $where looks like.

    – miken32
    Nov 22 '18 at 14:48











  • What version of Wordpress are you running?

    – miken32
    Nov 22 '18 at 14:50











  • I am using the latest version.

    – Henrik Petterson
    Nov 22 '18 at 14:52



















1














You can use MySQL RLIKE : 



$where .= ' AND '. $wpdb->posts .'.post_title RLIKE '.*'. $wpdb->esc_like(str_replace(["’","'"],"['’]", $search_term) ) .'.*' ';





share|improve this answer





















  • 2





    OP already said they can't change the existing data, but use of RLIKE is a good idea; you should edit your post to make your code more readable and it should get some upvotes.

    – miken32
    Nov 21 '18 at 18:00



















0














I would be using twice a LIKE statement, one with the original search term, the second one with a replacement of the ' by



You can use parameterized queries. In example, using wpdb::prepare() :



$searchTerm = "You're"; //Don't sanitize using a function, this will by done with parameters.

// query

$where .= ' AND ('. $wpdb->posts .'.post_title LIKE %s OR '. $wpdb->posts .'.post_title LIKE %s)'; //Notice the double %s

//I suppose $where contains your whole query

$sth = $wpdb->prepare($where, '%' . $searchTerm . '%', '%' . str_replace('’', ''', $search_term) . '%'); //This will associate the %s (a string) in the query by the value indicated in the function

$wpdb->query($sth);


The %s is a placeholder in the query to indicate to $wpdb->prepare() that there will be a string at this place.






share|improve this answer





















  • 1





    Thanks but can you kindly edit your answer with examples of how to adjust my specific code with your approach?

    – Henrik Petterson
    Nov 21 '18 at 14:55






  • 1





    Sure, wait a moment

    – Cid
    Nov 21 '18 at 14:56






  • 1





    @Cid FYI, the OP is using WordPress wpdb....

    – Gary Woods
    Nov 21 '18 at 14:57






  • 1





    @GaryWoods thank you, I adapted my answer to this situation

    – Cid
    Nov 21 '18 at 15:07






  • 1





    Yeah using prepared statements is always the best approach, but Wordpress makes this very difficult to do. The function in the original question is applied dynamically by WP when there's a search query involved, so the actual execution is handled elsewhere.

    – miken32
    Nov 21 '18 at 17:49











Your Answer






StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53414546%2fmatching-curly-quotes-against-standard-quotes-in-db-query%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























3 Answers
3






active

oldest

votes








3 Answers
3






active

oldest

votes









active

oldest

votes






active

oldest

votes









2














I wanted to point out that % is not the only placeholder that can be used in LIKE queries. You can use the underscore _ to indicate a single character as well. One approach could be to replace every punctuation character in a certain class with an underscore. This would allow "you're" to match "you’re" and vice-versa. (Granted, it would also allow "youvre" to match as well!)



<?php

function ma_post_title_filter($where, &$wp_query) {

    global $wpdb;

    $punct = ["’", "‘", "”", "“"];

    if ( $search_term = $wp_query->get( 'ma_search_post_title' ) ) {

        // escape any % or _ characters

        $search_term = $wpdb->esc_like($search_term);

        // replace desired punctuation characters with _

        $search_term = str_replace($punct, "_", $search_term);

        // do final escaping for safe queries

        $search_term = $wpdb->_real_escape($search_term);

        // this looks much neater with string interpolation vs concatenation

        $where .= " AND $wpdb->posts.post_title LIKE '%$search_term%'";

    }

    return $where;

}


You should, when passing values to a LIKE clause, use wpdb::esc_like() to ensure any user-supplied percent signs or underscores don't get in the way of things. sanitize_text_field() is meant to be used before output to HTML, and does nothing to make text safe for a database query. That's what wpdb::_real_escape() is for.






share|improve this answer





















  • 1





    Thank you for the excellent approach, but it is not working. Is there a typo in $where? Here is an example code you can use to test this. I feel the issue is likely a typo as the code itself is very logic!

    – Henrik Petterson
    Nov 22 '18 at 10:42











  • Removing the $wpdb->real_escape($search_term); part seem to at least allow the code to run. But $string_term = "you're";is still not matching with a post with title you’re.

    – Henrik Petterson
    Nov 22 '18 at 10:51











  • I don’t have a way to test this but I’d suggest printing out $search_term at various points through the code, and doing the same to see what $where looks like.

    – miken32
    Nov 22 '18 at 14:48











  • What version of Wordpress are you running?

    – miken32
    Nov 22 '18 at 14:50











  • I am using the latest version.

    – Henrik Petterson
    Nov 22 '18 at 14:52
















2














I wanted to point out that % is not the only placeholder that can be used in LIKE queries. You can use the underscore _ to indicate a single character as well. One approach could be to replace every punctuation character in a certain class with an underscore. This would allow "you're" to match "you’re" and vice-versa. (Granted, it would also allow "youvre" to match as well!)



<?php

function ma_post_title_filter($where, &$wp_query) {

    global $wpdb;

    $punct = ["’", "‘", "”", "“"];

    if ( $search_term = $wp_query->get( 'ma_search_post_title' ) ) {

        // escape any % or _ characters

        $search_term = $wpdb->esc_like($search_term);

        // replace desired punctuation characters with _

        $search_term = str_replace($punct, "_", $search_term);

        // do final escaping for safe queries

        $search_term = $wpdb->_real_escape($search_term);

        // this looks much neater with string interpolation vs concatenation

        $where .= " AND $wpdb->posts.post_title LIKE '%$search_term%'";

    }

    return $where;

}


You should, when passing values to a LIKE clause, use wpdb::esc_like() to ensure any user-supplied percent signs or underscores don't get in the way of things. sanitize_text_field() is meant to be used before output to HTML, and does nothing to make text safe for a database query. That's what wpdb::_real_escape() is for.






share|improve this answer





















  • 1





    Thank you for the excellent approach, but it is not working. Is there a typo in $where? Here is an example code you can use to test this. I feel the issue is likely a typo as the code itself is very logic!

    – Henrik Petterson
    Nov 22 '18 at 10:42











  • Removing the $wpdb->real_escape($search_term); part seem to at least allow the code to run. But $string_term = "you're";is still not matching with a post with title you’re.

    – Henrik Petterson
    Nov 22 '18 at 10:51











  • I don’t have a way to test this but I’d suggest printing out $search_term at various points through the code, and doing the same to see what $where looks like.

    – miken32
    Nov 22 '18 at 14:48











  • What version of Wordpress are you running?

    – miken32
    Nov 22 '18 at 14:50











  • I am using the latest version.

    – Henrik Petterson
    Nov 22 '18 at 14:52














2












2








2







I wanted to point out that % is not the only placeholder that can be used in LIKE queries. You can use the underscore _ to indicate a single character as well. One approach could be to replace every punctuation character in a certain class with an underscore. This would allow "you're" to match "you’re" and vice-versa. (Granted, it would also allow "youvre" to match as well!)



<?php

function ma_post_title_filter($where, &$wp_query) {

    global $wpdb;

    $punct = ["’", "‘", "”", "“"];

    if ( $search_term = $wp_query->get( 'ma_search_post_title' ) ) {

        // escape any % or _ characters

        $search_term = $wpdb->esc_like($search_term);

        // replace desired punctuation characters with _

        $search_term = str_replace($punct, "_", $search_term);

        // do final escaping for safe queries

        $search_term = $wpdb->_real_escape($search_term);

        // this looks much neater with string interpolation vs concatenation

        $where .= " AND $wpdb->posts.post_title LIKE '%$search_term%'";

    }

    return $where;

}


You should, when passing values to a LIKE clause, use wpdb::esc_like() to ensure any user-supplied percent signs or underscores don't get in the way of things. sanitize_text_field() is meant to be used before output to HTML, and does nothing to make text safe for a database query. That's what wpdb::_real_escape() is for.






share|improve this answer















I wanted to point out that % is not the only placeholder that can be used in LIKE queries. You can use the underscore _ to indicate a single character as well. One approach could be to replace every punctuation character in a certain class with an underscore. This would allow "you're" to match "you’re" and vice-versa. (Granted, it would also allow "youvre" to match as well!)



<?php

function ma_post_title_filter($where, &$wp_query) {

    global $wpdb;

    $punct = ["’", "‘", "”", "“"];

    if ( $search_term = $wp_query->get( 'ma_search_post_title' ) ) {

        // escape any % or _ characters

        $search_term = $wpdb->esc_like($search_term);

        // replace desired punctuation characters with _

        $search_term = str_replace($punct, "_", $search_term);

        // do final escaping for safe queries

        $search_term = $wpdb->_real_escape($search_term);

        // this looks much neater with string interpolation vs concatenation

        $where .= " AND $wpdb->posts.post_title LIKE '%$search_term%'";

    }

    return $where;

}


You should, when passing values to a LIKE clause, use wpdb::esc_like() to ensure any user-supplied percent signs or underscores don't get in the way of things. sanitize_text_field() is meant to be used before output to HTML, and does nothing to make text safe for a database query. That's what wpdb::_real_escape() is for.







share|improve this answer














share|improve this answer



share|improve this answer








edited Nov 22 '18 at 14:54

























answered Nov 21 '18 at 17:46









miken32miken32

24.3k95173




24.3k95173








  • 1





    Thank you for the excellent approach, but it is not working. Is there a typo in $where? Here is an example code you can use to test this. I feel the issue is likely a typo as the code itself is very logic!

    – Henrik Petterson
    Nov 22 '18 at 10:42











  • Removing the $wpdb->real_escape($search_term); part seem to at least allow the code to run. But $string_term = "you're";is still not matching with a post with title you’re.

    – Henrik Petterson
    Nov 22 '18 at 10:51











  • I don’t have a way to test this but I’d suggest printing out $search_term at various points through the code, and doing the same to see what $where looks like.

    – miken32
    Nov 22 '18 at 14:48











  • What version of Wordpress are you running?

    – miken32
    Nov 22 '18 at 14:50











  • I am using the latest version.

    – Henrik Petterson
    Nov 22 '18 at 14:52














  • 1





    Thank you for the excellent approach, but it is not working. Is there a typo in $where? Here is an example code you can use to test this. I feel the issue is likely a typo as the code itself is very logic!

    – Henrik Petterson
    Nov 22 '18 at 10:42











  • Removing the $wpdb->real_escape($search_term); part seem to at least allow the code to run. But $string_term = "you're";is still not matching with a post with title you’re.

    – Henrik Petterson
    Nov 22 '18 at 10:51











  • I don’t have a way to test this but I’d suggest printing out $search_term at various points through the code, and doing the same to see what $where looks like.

    – miken32
    Nov 22 '18 at 14:48











  • What version of Wordpress are you running?

    – miken32
    Nov 22 '18 at 14:50











  • I am using the latest version.

    – Henrik Petterson
    Nov 22 '18 at 14:52








1




1





Thank you for the excellent approach, but it is not working. Is there a typo in $where? Here is an example code you can use to test this. I feel the issue is likely a typo as the code itself is very logic!

– Henrik Petterson
Nov 22 '18 at 10:42





Thank you for the excellent approach, but it is not working. Is there a typo in $where? Here is an example code you can use to test this. I feel the issue is likely a typo as the code itself is very logic!

– Henrik Petterson
Nov 22 '18 at 10:42













Removing the $wpdb->real_escape($search_term); part seem to at least allow the code to run. But $string_term = "you're";is still not matching with a post with title you’re.

– Henrik Petterson
Nov 22 '18 at 10:51





Removing the $wpdb->real_escape($search_term); part seem to at least allow the code to run. But $string_term = "you're";is still not matching with a post with title you’re.

– Henrik Petterson
Nov 22 '18 at 10:51













I don’t have a way to test this but I’d suggest printing out $search_term at various points through the code, and doing the same to see what $where looks like.

– miken32
Nov 22 '18 at 14:48





I don’t have a way to test this but I’d suggest printing out $search_term at various points through the code, and doing the same to see what $where looks like.

– miken32
Nov 22 '18 at 14:48













What version of Wordpress are you running?

– miken32
Nov 22 '18 at 14:50





What version of Wordpress are you running?

– miken32
Nov 22 '18 at 14:50













I am using the latest version.

– Henrik Petterson
Nov 22 '18 at 14:52





I am using the latest version.

– Henrik Petterson
Nov 22 '18 at 14:52













1














You can use MySQL RLIKE : 



$where .= ' AND '. $wpdb->posts .'.post_title RLIKE '.*'. $wpdb->esc_like(str_replace(["’","'"],"['’]", $search_term) ) .'.*' ';





share|improve this answer





















  • 2





    OP already said they can't change the existing data, but use of RLIKE is a good idea; you should edit your post to make your code more readable and it should get some upvotes.

    – miken32
    Nov 21 '18 at 18:00
















1














You can use MySQL RLIKE : 



$where .= ' AND '. $wpdb->posts .'.post_title RLIKE '.*'. $wpdb->esc_like(str_replace(["’","'"],"['’]", $search_term) ) .'.*' ';





share|improve this answer





















  • 2





    OP already said they can't change the existing data, but use of RLIKE is a good idea; you should edit your post to make your code more readable and it should get some upvotes.

    – miken32
    Nov 21 '18 at 18:00














1












1








1







You can use MySQL RLIKE : 



$where .= ' AND '. $wpdb->posts .'.post_title RLIKE '.*'. $wpdb->esc_like(str_replace(["’","'"],"['’]", $search_term) ) .'.*' ';





share|improve this answer















You can use MySQL RLIKE : 



$where .= ' AND '. $wpdb->posts .'.post_title RLIKE '.*'. $wpdb->esc_like(str_replace(["’","'"],"['’]", $search_term) ) .'.*' ';






share|improve this answer














share|improve this answer



share|improve this answer








edited Nov 22 '18 at 16:17









miken32

24.3k95173




24.3k95173










answered Nov 21 '18 at 15:14









KhazulKhazul

1666




1666








  • 2





    OP already said they can't change the existing data, but use of RLIKE is a good idea; you should edit your post to make your code more readable and it should get some upvotes.

    – miken32
    Nov 21 '18 at 18:00














  • 2





    OP already said they can't change the existing data, but use of RLIKE is a good idea; you should edit your post to make your code more readable and it should get some upvotes.

    – miken32
    Nov 21 '18 at 18:00








2




2





OP already said they can't change the existing data, but use of RLIKE is a good idea; you should edit your post to make your code more readable and it should get some upvotes.

– miken32
Nov 21 '18 at 18:00





OP already said they can't change the existing data, but use of RLIKE is a good idea; you should edit your post to make your code more readable and it should get some upvotes.

– miken32
Nov 21 '18 at 18:00











0














I would be using twice a LIKE statement, one with the original search term, the second one with a replacement of the ' by



You can use parameterized queries. In example, using wpdb::prepare() :



$searchTerm = "You're"; //Don't sanitize using a function, this will by done with parameters.

// query

$where .= ' AND ('. $wpdb->posts .'.post_title LIKE %s OR '. $wpdb->posts .'.post_title LIKE %s)'; //Notice the double %s

//I suppose $where contains your whole query

$sth = $wpdb->prepare($where, '%' . $searchTerm . '%', '%' . str_replace('’', ''', $search_term) . '%'); //This will associate the %s (a string) in the query by the value indicated in the function

$wpdb->query($sth);


The %s is a placeholder in the query to indicate to $wpdb->prepare() that there will be a string at this place.






share|improve this answer





















  • 1





    Thanks but can you kindly edit your answer with examples of how to adjust my specific code with your approach?

    – Henrik Petterson
    Nov 21 '18 at 14:55






  • 1





    Sure, wait a moment

    – Cid
    Nov 21 '18 at 14:56






  • 1





    @Cid FYI, the OP is using WordPress wpdb....

    – Gary Woods
    Nov 21 '18 at 14:57






  • 1





    @GaryWoods thank you, I adapted my answer to this situation

    – Cid
    Nov 21 '18 at 15:07






  • 1





    Yeah using prepared statements is always the best approach, but Wordpress makes this very difficult to do. The function in the original question is applied dynamically by WP when there's a search query involved, so the actual execution is handled elsewhere.

    – miken32
    Nov 21 '18 at 17:49
















0














I would be using twice a LIKE statement, one with the original search term, the second one with a replacement of the ' by



You can use parameterized queries. In example, using wpdb::prepare() :



$searchTerm = "You're"; //Don't sanitize using a function, this will by done with parameters.

// query

$where .= ' AND ('. $wpdb->posts .'.post_title LIKE %s OR '. $wpdb->posts .'.post_title LIKE %s)'; //Notice the double %s

//I suppose $where contains your whole query

$sth = $wpdb->prepare($where, '%' . $searchTerm . '%', '%' . str_replace('’', ''', $search_term) . '%'); //This will associate the %s (a string) in the query by the value indicated in the function

$wpdb->query($sth);


The %s is a placeholder in the query to indicate to $wpdb->prepare() that there will be a string at this place.






share|improve this answer





















  • 1





    Thanks but can you kindly edit your answer with examples of how to adjust my specific code with your approach?

    – Henrik Petterson
    Nov 21 '18 at 14:55






  • 1





    Sure, wait a moment

    – Cid
    Nov 21 '18 at 14:56






  • 1





    @Cid FYI, the OP is using WordPress wpdb....

    – Gary Woods
    Nov 21 '18 at 14:57






  • 1





    @GaryWoods thank you, I adapted my answer to this situation

    – Cid
    Nov 21 '18 at 15:07






  • 1





    Yeah using prepared statements is always the best approach, but Wordpress makes this very difficult to do. The function in the original question is applied dynamically by WP when there's a search query involved, so the actual execution is handled elsewhere.

    – miken32
    Nov 21 '18 at 17:49














0












0








0







I would be using twice a LIKE statement, one with the original search term, the second one with a replacement of the ' by



You can use parameterized queries. In example, using wpdb::prepare() :



$searchTerm = "You're"; //Don't sanitize using a function, this will by done with parameters.

// query

$where .= ' AND ('. $wpdb->posts .'.post_title LIKE %s OR '. $wpdb->posts .'.post_title LIKE %s)'; //Notice the double %s

//I suppose $where contains your whole query

$sth = $wpdb->prepare($where, '%' . $searchTerm . '%', '%' . str_replace('’', ''', $search_term) . '%'); //This will associate the %s (a string) in the query by the value indicated in the function

$wpdb->query($sth);


The %s is a placeholder in the query to indicate to $wpdb->prepare() that there will be a string at this place.






share|improve this answer















I would be using twice a LIKE statement, one with the original search term, the second one with a replacement of the ' by



You can use parameterized queries. In example, using wpdb::prepare() :



$searchTerm = "You're"; //Don't sanitize using a function, this will by done with parameters.

// query

$where .= ' AND ('. $wpdb->posts .'.post_title LIKE %s OR '. $wpdb->posts .'.post_title LIKE %s)'; //Notice the double %s

//I suppose $where contains your whole query

$sth = $wpdb->prepare($where, '%' . $searchTerm . '%', '%' . str_replace('’', ''', $search_term) . '%'); //This will associate the %s (a string) in the query by the value indicated in the function

$wpdb->query($sth);


The %s is a placeholder in the query to indicate to $wpdb->prepare() that there will be a string at this place.







share|improve this answer














share|improve this answer



share|improve this answer








edited Nov 21 '18 at 15:19

























answered Nov 21 '18 at 14:53









CidCid

5,15121129




5,15121129








  • 1





    Thanks but can you kindly edit your answer with examples of how to adjust my specific code with your approach?

    – Henrik Petterson
    Nov 21 '18 at 14:55






  • 1





    Sure, wait a moment

    – Cid
    Nov 21 '18 at 14:56






  • 1





    @Cid FYI, the OP is using WordPress wpdb....

    – Gary Woods
    Nov 21 '18 at 14:57






  • 1





    @GaryWoods thank you, I adapted my answer to this situation

    – Cid
    Nov 21 '18 at 15:07






  • 1





    Yeah using prepared statements is always the best approach, but Wordpress makes this very difficult to do. The function in the original question is applied dynamically by WP when there's a search query involved, so the actual execution is handled elsewhere.

    – miken32
    Nov 21 '18 at 17:49














  • 1





    Thanks but can you kindly edit your answer with examples of how to adjust my specific code with your approach?

    – Henrik Petterson
    Nov 21 '18 at 14:55






  • 1





    Sure, wait a moment

    – Cid
    Nov 21 '18 at 14:56






  • 1





    @Cid FYI, the OP is using WordPress wpdb....

    – Gary Woods
    Nov 21 '18 at 14:57






  • 1





    @GaryWoods thank you, I adapted my answer to this situation

    – Cid
    Nov 21 '18 at 15:07






  • 1





    Yeah using prepared statements is always the best approach, but Wordpress makes this very difficult to do. The function in the original question is applied dynamically by WP when there's a search query involved, so the actual execution is handled elsewhere.

    – miken32
    Nov 21 '18 at 17:49








1




1





Thanks but can you kindly edit your answer with examples of how to adjust my specific code with your approach?

– Henrik Petterson
Nov 21 '18 at 14:55





Thanks but can you kindly edit your answer with examples of how to adjust my specific code with your approach?

– Henrik Petterson
Nov 21 '18 at 14:55




1




1





Sure, wait a moment

– Cid
Nov 21 '18 at 14:56





Sure, wait a moment

– Cid
Nov 21 '18 at 14:56




1




1





@Cid FYI, the OP is using WordPress wpdb....

– Gary Woods
Nov 21 '18 at 14:57





@Cid FYI, the OP is using WordPress wpdb....

– Gary Woods
Nov 21 '18 at 14:57




1




1





@GaryWoods thank you, I adapted my answer to this situation

– Cid
Nov 21 '18 at 15:07





@GaryWoods thank you, I adapted my answer to this situation

– Cid
Nov 21 '18 at 15:07




1




1





Yeah using prepared statements is always the best approach, but Wordpress makes this very difficult to do. The function in the original question is applied dynamically by WP when there's a search query involved, so the actual execution is handled elsewhere.

– miken32
Nov 21 '18 at 17:49





Yeah using prepared statements is always the best approach, but Wordpress makes this very difficult to do. The function in the original question is applied dynamically by WP when there's a search query involved, so the actual execution is handled elsewhere.

– miken32
Nov 21 '18 at 17:49


















draft saved

draft discarded




















































Thanks for contributing an answer to Stack Overflow!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53414546%2fmatching-curly-quotes-against-standard-quotes-in-db-query%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







-

Popular posts from this blog

How to pass form data using jquery Ajax to insert data in database?

Image
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box; } 1 I have 4 tables namely stud, country_master_academic,master_state and master_city. The main problem is that my form consists of many different fields like textbox, radio buttons, dropdown and an image file, so i am getting really confused. I can't insert data in database. Please help me. I tried many times but its not working. Thanks for the help in advance. Modal in home.php page <div class="container"> <div class="modal fade" id="add_data_modal" role="dialog"> <div class="modal-dialog"> <div class="modal-content"> ...
Read more

National Museum of Racing and Hall of Fame

Image
Coordinates: 43°04′35″N 73°46′24″W  /  43.0763°N 73.7734°W  / 43.0763; -73.7734 Professional sports hall of fame in Saratoga Springs, New York National Museum of Racing and Hall of Fame National Museum of Racing and Hall of Fame Established 1951 Location Saratoga Springs, New York Type Professional sports hall of fame Director Cathy Marino Curator Victoria Tokarowski Website racingmuseum.org The National Museum of Racing and Hall of Fame was founded in 1951 in Saratoga Springs, New York, to honor the achievements of American Thoroughbred race horses, jockeys, and trainers. In 1955, the museum moved to its current location on Union Avenue near Saratoga race course, at which time inductions into the hall of fame began. Each spring, following the tabulation of the final votes, the announcement of new inductees is made, usually during Kentucky Derby Week in early May. The actual inductions are held in mid-August during the Saratoga race meeting...
Read more

Guess what letter conforming each word

Image
6 $begingroup$ This is an entry in the Fortnightly Topic Challenge #41: Short and Sweet. 1 letter only could be mean anything . With an additional letter in front , could be used as medicine component and something you definitely learn or at least heard once. Add another letter in front , you would possibly hear that many times . Add an additional letter in front , you would found an independent country . With an additional letter, in the end , you would found something related to apple . Add another letter in the end , you would found something bad . Hint: Each letter is unique . word knowledge letters chemistry share | improve this question ...
Read more