Matching “curly” quotes against standard quotes in DB query











up vote
5
down vote

favorite
3












I have text stored in post_title column:



you’re


Using this query:



function ma_post_title_filter($where, &$wp_query) {
global $wpdb;
if ( $search_term = $wp_query->get( 'ma_search_post_title' ) ) {
$search_term = sanitize_text_field($search_term);
$where .= ' AND ' . $wpdb->posts . '.post_title LIKE '%' . $wpdb->esc_like( $search_term ) . '%'';
}
return $where;
}


If $search_term is you’re, it works and finds the column. But when it is you're, it does not work (because it is a different single quotation mark).



How can I improve the query so both you’re and you're matches with you’re?



What I've tried so far




  1. Use str_replace() on $search_term to replace ' with . Example: str_replace(''','’',$wpdb->esc_like( $search_term ))... the problem with this approach is that we will never match if the stored column is you're.

  2. Do AND REPLACE on '.$wpdb->posts.'.post_title to replace ' with ... but doesn't seem to work.


I'm aware the ideal solution is to adjust all the database instances of the single quotation to a standard one but this is not possible in my case.



What's the proper solution to this?










share|improve this question




















  • 5




    The What I've tried so far section is lovely. Should be standard here. +1
    – Gary Woods
    Nov 21 at 14:45










  • Probs not suitable as you don't know if that's the search term every time, so I deleted the comment ;)
    – Dammeul
    Nov 21 at 14:48










  • Did you try to replace with ' since your pattern is '.post_title LIKE '%'?
    – forpas
    Nov 21 at 14:55










  • @forpas Replacing it when exactly? Please see my two example approaches and notes about why it did not work. Thanks.
    – Henrik Petterson
    Nov 21 at 14:56










  • Your pattern is this: '.post_title LIKE '%' meaning you're trying to match with ', right? So you apply str_replace('’', ''', $search_term).
    – forpas
    Nov 21 at 15:07

















up vote
5
down vote

favorite
3












I have text stored in post_title column:



you’re


Using this query:



function ma_post_title_filter($where, &$wp_query) {
global $wpdb;
if ( $search_term = $wp_query->get( 'ma_search_post_title' ) ) {
$search_term = sanitize_text_field($search_term);
$where .= ' AND ' . $wpdb->posts . '.post_title LIKE '%' . $wpdb->esc_like( $search_term ) . '%'';
}
return $where;
}


If $search_term is you’re, it works and finds the column. But when it is you're, it does not work (because it is a different single quotation mark).



How can I improve the query so both you’re and you're matches with you’re?



What I've tried so far




  1. Use str_replace() on $search_term to replace ' with . Example: str_replace(''','’',$wpdb->esc_like( $search_term ))... the problem with this approach is that we will never match if the stored column is you're.

  2. Do AND REPLACE on '.$wpdb->posts.'.post_title to replace ' with ... but doesn't seem to work.


I'm aware the ideal solution is to adjust all the database instances of the single quotation to a standard one but this is not possible in my case.



What's the proper solution to this?










share|improve this question




















  • 5




    The What I've tried so far section is lovely. Should be standard here. +1
    – Gary Woods
    Nov 21 at 14:45










  • Probs not suitable as you don't know if that's the search term every time, so I deleted the comment ;)
    – Dammeul
    Nov 21 at 14:48










  • Did you try to replace with ' since your pattern is '.post_title LIKE '%'?
    – forpas
    Nov 21 at 14:55










  • @forpas Replacing it when exactly? Please see my two example approaches and notes about why it did not work. Thanks.
    – Henrik Petterson
    Nov 21 at 14:56










  • Your pattern is this: '.post_title LIKE '%' meaning you're trying to match with ', right? So you apply str_replace('’', ''', $search_term).
    – forpas
    Nov 21 at 15:07















up vote
5
down vote

favorite
3









up vote
5
down vote

favorite
3






3





I have text stored in post_title column:



you’re


Using this query:



function ma_post_title_filter($where, &$wp_query) {
global $wpdb;
if ( $search_term = $wp_query->get( 'ma_search_post_title' ) ) {
$search_term = sanitize_text_field($search_term);
$where .= ' AND ' . $wpdb->posts . '.post_title LIKE '%' . $wpdb->esc_like( $search_term ) . '%'';
}
return $where;
}


If $search_term is you’re, it works and finds the column. But when it is you're, it does not work (because it is a different single quotation mark).



How can I improve the query so both you’re and you're matches with you’re?



What I've tried so far




  1. Use str_replace() on $search_term to replace ' with . Example: str_replace(''','’',$wpdb->esc_like( $search_term ))... the problem with this approach is that we will never match if the stored column is you're.

  2. Do AND REPLACE on '.$wpdb->posts.'.post_title to replace ' with ... but doesn't seem to work.


I'm aware the ideal solution is to adjust all the database instances of the single quotation to a standard one but this is not possible in my case.



What's the proper solution to this?










share|improve this question















I have text stored in post_title column:



you’re


Using this query:



function ma_post_title_filter($where, &$wp_query) {
global $wpdb;
if ( $search_term = $wp_query->get( 'ma_search_post_title' ) ) {
$search_term = sanitize_text_field($search_term);
$where .= ' AND ' . $wpdb->posts . '.post_title LIKE '%' . $wpdb->esc_like( $search_term ) . '%'';
}
return $where;
}


If $search_term is you’re, it works and finds the column. But when it is you're, it does not work (because it is a different single quotation mark).



How can I improve the query so both you’re and you're matches with you’re?



What I've tried so far




  1. Use str_replace() on $search_term to replace ' with . Example: str_replace(''','’',$wpdb->esc_like( $search_term ))... the problem with this approach is that we will never match if the stored column is you're.

  2. Do AND REPLACE on '.$wpdb->posts.'.post_title to replace ' with ... but doesn't seem to work.


I'm aware the ideal solution is to adjust all the database instances of the single quotation to a standard one but this is not possible in my case.



What's the proper solution to this?







php mysql sql wordpress






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Nov 22 at 10:52

























asked Nov 21 at 14:44









Henrik Petterson

944123897




944123897








  • 5




    The What I've tried so far section is lovely. Should be standard here. +1
    – Gary Woods
    Nov 21 at 14:45










  • Probs not suitable as you don't know if that's the search term every time, so I deleted the comment ;)
    – Dammeul
    Nov 21 at 14:48










  • Did you try to replace with ' since your pattern is '.post_title LIKE '%'?
    – forpas
    Nov 21 at 14:55










  • @forpas Replacing it when exactly? Please see my two example approaches and notes about why it did not work. Thanks.
    – Henrik Petterson
    Nov 21 at 14:56










  • Your pattern is this: '.post_title LIKE '%' meaning you're trying to match with ', right? So you apply str_replace('’', ''', $search_term).
    – forpas
    Nov 21 at 15:07
















  • 5




    The What I've tried so far section is lovely. Should be standard here. +1
    – Gary Woods
    Nov 21 at 14:45










  • Probs not suitable as you don't know if that's the search term every time, so I deleted the comment ;)
    – Dammeul
    Nov 21 at 14:48










  • Did you try to replace with ' since your pattern is '.post_title LIKE '%'?
    – forpas
    Nov 21 at 14:55










  • @forpas Replacing it when exactly? Please see my two example approaches and notes about why it did not work. Thanks.
    – Henrik Petterson
    Nov 21 at 14:56










  • Your pattern is this: '.post_title LIKE '%' meaning you're trying to match with ', right? So you apply str_replace('’', ''', $search_term).
    – forpas
    Nov 21 at 15:07










5




5




The What I've tried so far section is lovely. Should be standard here. +1
– Gary Woods
Nov 21 at 14:45




The What I've tried so far section is lovely. Should be standard here. +1
– Gary Woods
Nov 21 at 14:45












Probs not suitable as you don't know if that's the search term every time, so I deleted the comment ;)
– Dammeul
Nov 21 at 14:48




Probs not suitable as you don't know if that's the search term every time, so I deleted the comment ;)
– Dammeul
Nov 21 at 14:48












Did you try to replace with ' since your pattern is '.post_title LIKE '%'?
– forpas
Nov 21 at 14:55




Did you try to replace with ' since your pattern is '.post_title LIKE '%'?
– forpas
Nov 21 at 14:55












@forpas Replacing it when exactly? Please see my two example approaches and notes about why it did not work. Thanks.
– Henrik Petterson
Nov 21 at 14:56




@forpas Replacing it when exactly? Please see my two example approaches and notes about why it did not work. Thanks.
– Henrik Petterson
Nov 21 at 14:56












Your pattern is this: '.post_title LIKE '%' meaning you're trying to match with ', right? So you apply str_replace('’', ''', $search_term).
– forpas
Nov 21 at 15:07






Your pattern is this: '.post_title LIKE '%' meaning you're trying to match with ', right? So you apply str_replace('’', ''', $search_term).
– forpas
Nov 21 at 15:07














3 Answers
3






active

oldest

votes

















up vote
2
down vote



accepted










I wanted to point out that % is not the only placeholder that can be used in LIKE queries. You can use the underscore _ to indicate a single character as well. One approach could be to replace every punctuation character in a certain class with an underscore. This would allow "you're" to match "you’re" and vice-versa. (Granted, it would also allow "youvre" to match as well!)



<?php
function ma_post_title_filter($where, &$wp_query) {
global $wpdb;
$punct = ["’", "‘", "”", "“"];
if ( $search_term = $wp_query->get( 'ma_search_post_title' ) ) {
// escape any % or _ characters
$search_term = $wpdb->esc_like($search_term);
// replace desired punctuation characters with _
$search_term = str_replace($punct, "_", $search_term);
// do final escaping for safe queries
$search_term = $wpdb->_real_escape($search_term);
// this looks much neater with string interpolation vs concatenation
$where .= " AND $wpdb->posts.post_title LIKE '%$search_term%'";
}
return $where;
}


You should, when passing values to a LIKE clause, use wpdb::esc_like() to ensure any user-supplied percent signs or underscores don't get in the way of things. sanitize_text_field() is meant to be used before output to HTML, and does nothing to make text safe for a database query. That's what wpdb::_real_escape() is for.






share|improve this answer



















  • 1




    Thank you for the excellent approach, but it is not working. Is there a typo in $where? Here is an example code you can use to test this. I feel the issue is likely a typo as the code itself is very logic!
    – Henrik Petterson
    Nov 22 at 10:42










  • Removing the $wpdb->real_escape($search_term); part seem to at least allow the code to run. But $string_term = "you're";is still not matching with a post with title you’re.
    – Henrik Petterson
    Nov 22 at 10:51










  • I don’t have a way to test this but I’d suggest printing out $search_term at various points through the code, and doing the same to see what $where looks like.
    – miken32
    Nov 22 at 14:48










  • What version of Wordpress are you running?
    – miken32
    Nov 22 at 14:50










  • I am using the latest version.
    – Henrik Petterson
    Nov 22 at 14:52


















up vote
1
down vote













You can use MySQL RLIKE :



$where .= ' AND '. $wpdb->posts .'.post_title RLIKE '.*'. $wpdb->esc_like(str_replace(["’","'"],"['’]", $search_term) ) .'.*' ';





share|improve this answer



















  • 2




    OP already said they can't change the existing data, but use of RLIKE is a good idea; you should edit your post to make your code more readable and it should get some upvotes.
    – miken32
    Nov 21 at 18:00


















up vote
0
down vote













I would be using twice a LIKE statement, one with the original search term, the second one with a replacement of the ' by



You can use parameterized queries. In example, using wpdb::prepare() :



$searchTerm = "You're"; //Don't sanitize using a function, this will by done with parameters.
// query
$where .= ' AND ('. $wpdb->posts .'.post_title LIKE %s OR '. $wpdb->posts .'.post_title LIKE %s)'; //Notice the double %s
//I suppose $where contains your whole query
$sth = $wpdb->prepare($where, '%' . $searchTerm . '%', '%' . str_replace('’', ''', $search_term) . '%'); //This will associate the %s (a string) in the query by the value indicated in the function
$wpdb->query($sth);


The %s is a placeholder in the query to indicate to $wpdb->prepare() that there will be a string at this place.






share|improve this answer



















  • 1




    Thanks but can you kindly edit your answer with examples of how to adjust my specific code with your approach?
    – Henrik Petterson
    Nov 21 at 14:55






  • 1




    Sure, wait a moment
    – Cid
    Nov 21 at 14:56






  • 1




    @Cid FYI, the OP is using WordPress wpdb....
    – Gary Woods
    Nov 21 at 14:57






  • 1




    @GaryWoods thank you, I adapted my answer to this situation
    – Cid
    Nov 21 at 15:07






  • 1




    Yeah using prepared statements is always the best approach, but Wordpress makes this very difficult to do. The function in the original question is applied dynamically by WP when there's a search query involved, so the actual execution is handled elsewhere.
    – miken32
    Nov 21 at 17:49











Your Answer






StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53414546%2fmatching-curly-quotes-against-standard-quotes-in-db-query%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























3 Answers
3






active

oldest

votes








3 Answers
3






active

oldest

votes









active

oldest

votes






active

oldest

votes








up vote
2
down vote



accepted










I wanted to point out that % is not the only placeholder that can be used in LIKE queries. You can use the underscore _ to indicate a single character as well. One approach could be to replace every punctuation character in a certain class with an underscore. This would allow "you're" to match "you’re" and vice-versa. (Granted, it would also allow "youvre" to match as well!)



<?php
function ma_post_title_filter($where, &$wp_query) {
global $wpdb;
$punct = ["’", "‘", "”", "“"];
if ( $search_term = $wp_query->get( 'ma_search_post_title' ) ) {
// escape any % or _ characters
$search_term = $wpdb->esc_like($search_term);
// replace desired punctuation characters with _
$search_term = str_replace($punct, "_", $search_term);
// do final escaping for safe queries
$search_term = $wpdb->_real_escape($search_term);
// this looks much neater with string interpolation vs concatenation
$where .= " AND $wpdb->posts.post_title LIKE '%$search_term%'";
}
return $where;
}


You should, when passing values to a LIKE clause, use wpdb::esc_like() to ensure any user-supplied percent signs or underscores don't get in the way of things. sanitize_text_field() is meant to be used before output to HTML, and does nothing to make text safe for a database query. That's what wpdb::_real_escape() is for.






share|improve this answer



















  • 1




    Thank you for the excellent approach, but it is not working. Is there a typo in $where? Here is an example code you can use to test this. I feel the issue is likely a typo as the code itself is very logic!
    – Henrik Petterson
    Nov 22 at 10:42










  • Removing the $wpdb->real_escape($search_term); part seem to at least allow the code to run. But $string_term = "you're";is still not matching with a post with title you’re.
    – Henrik Petterson
    Nov 22 at 10:51










  • I don’t have a way to test this but I’d suggest printing out $search_term at various points through the code, and doing the same to see what $where looks like.
    – miken32
    Nov 22 at 14:48










  • What version of Wordpress are you running?
    – miken32
    Nov 22 at 14:50










  • I am using the latest version.
    – Henrik Petterson
    Nov 22 at 14:52















up vote
2
down vote



accepted










I wanted to point out that % is not the only placeholder that can be used in LIKE queries. You can use the underscore _ to indicate a single character as well. One approach could be to replace every punctuation character in a certain class with an underscore. This would allow "you're" to match "you’re" and vice-versa. (Granted, it would also allow "youvre" to match as well!)



<?php
function ma_post_title_filter($where, &$wp_query) {
global $wpdb;
$punct = ["’", "‘", "”", "“"];
if ( $search_term = $wp_query->get( 'ma_search_post_title' ) ) {
// escape any % or _ characters
$search_term = $wpdb->esc_like($search_term);
// replace desired punctuation characters with _
$search_term = str_replace($punct, "_", $search_term);
// do final escaping for safe queries
$search_term = $wpdb->_real_escape($search_term);
// this looks much neater with string interpolation vs concatenation
$where .= " AND $wpdb->posts.post_title LIKE '%$search_term%'";
}
return $where;
}


You should, when passing values to a LIKE clause, use wpdb::esc_like() to ensure any user-supplied percent signs or underscores don't get in the way of things. sanitize_text_field() is meant to be used before output to HTML, and does nothing to make text safe for a database query. That's what wpdb::_real_escape() is for.






share|improve this answer



















  • 1




    Thank you for the excellent approach, but it is not working. Is there a typo in $where? Here is an example code you can use to test this. I feel the issue is likely a typo as the code itself is very logic!
    – Henrik Petterson
    Nov 22 at 10:42










  • Removing the $wpdb->real_escape($search_term); part seem to at least allow the code to run. But $string_term = "you're";is still not matching with a post with title you’re.
    – Henrik Petterson
    Nov 22 at 10:51










  • I don’t have a way to test this but I’d suggest printing out $search_term at various points through the code, and doing the same to see what $where looks like.
    – miken32
    Nov 22 at 14:48










  • What version of Wordpress are you running?
    – miken32
    Nov 22 at 14:50










  • I am using the latest version.
    – Henrik Petterson
    Nov 22 at 14:52













up vote
2
down vote



accepted







up vote
2
down vote



accepted






I wanted to point out that % is not the only placeholder that can be used in LIKE queries. You can use the underscore _ to indicate a single character as well. One approach could be to replace every punctuation character in a certain class with an underscore. This would allow "you're" to match "you’re" and vice-versa. (Granted, it would also allow "youvre" to match as well!)



<?php
function ma_post_title_filter($where, &$wp_query) {
global $wpdb;
$punct = ["’", "‘", "”", "“"];
if ( $search_term = $wp_query->get( 'ma_search_post_title' ) ) {
// escape any % or _ characters
$search_term = $wpdb->esc_like($search_term);
// replace desired punctuation characters with _
$search_term = str_replace($punct, "_", $search_term);
// do final escaping for safe queries
$search_term = $wpdb->_real_escape($search_term);
// this looks much neater with string interpolation vs concatenation
$where .= " AND $wpdb->posts.post_title LIKE '%$search_term%'";
}
return $where;
}


You should, when passing values to a LIKE clause, use wpdb::esc_like() to ensure any user-supplied percent signs or underscores don't get in the way of things. sanitize_text_field() is meant to be used before output to HTML, and does nothing to make text safe for a database query. That's what wpdb::_real_escape() is for.






share|improve this answer














I wanted to point out that % is not the only placeholder that can be used in LIKE queries. You can use the underscore _ to indicate a single character as well. One approach could be to replace every punctuation character in a certain class with an underscore. This would allow "you're" to match "you’re" and vice-versa. (Granted, it would also allow "youvre" to match as well!)



<?php
function ma_post_title_filter($where, &$wp_query) {
global $wpdb;
$punct = ["’", "‘", "”", "“"];
if ( $search_term = $wp_query->get( 'ma_search_post_title' ) ) {
// escape any % or _ characters
$search_term = $wpdb->esc_like($search_term);
// replace desired punctuation characters with _
$search_term = str_replace($punct, "_", $search_term);
// do final escaping for safe queries
$search_term = $wpdb->_real_escape($search_term);
// this looks much neater with string interpolation vs concatenation
$where .= " AND $wpdb->posts.post_title LIKE '%$search_term%'";
}
return $where;
}


You should, when passing values to a LIKE clause, use wpdb::esc_like() to ensure any user-supplied percent signs or underscores don't get in the way of things. sanitize_text_field() is meant to be used before output to HTML, and does nothing to make text safe for a database query. That's what wpdb::_real_escape() is for.







share|improve this answer














share|improve this answer



share|improve this answer








edited Nov 22 at 14:54

























answered Nov 21 at 17:46









miken32

23k84671




23k84671








  • 1




    Thank you for the excellent approach, but it is not working. Is there a typo in $where? Here is an example code you can use to test this. I feel the issue is likely a typo as the code itself is very logic!
    – Henrik Petterson
    Nov 22 at 10:42










  • Removing the $wpdb->real_escape($search_term); part seem to at least allow the code to run. But $string_term = "you're";is still not matching with a post with title you’re.
    – Henrik Petterson
    Nov 22 at 10:51










  • I don’t have a way to test this but I’d suggest printing out $search_term at various points through the code, and doing the same to see what $where looks like.
    – miken32
    Nov 22 at 14:48










  • What version of Wordpress are you running?
    – miken32
    Nov 22 at 14:50










  • I am using the latest version.
    – Henrik Petterson
    Nov 22 at 14:52














  • 1




    Thank you for the excellent approach, but it is not working. Is there a typo in $where? Here is an example code you can use to test this. I feel the issue is likely a typo as the code itself is very logic!
    – Henrik Petterson
    Nov 22 at 10:42










  • Removing the $wpdb->real_escape($search_term); part seem to at least allow the code to run. But $string_term = "you're";is still not matching with a post with title you’re.
    – Henrik Petterson
    Nov 22 at 10:51










  • I don’t have a way to test this but I’d suggest printing out $search_term at various points through the code, and doing the same to see what $where looks like.
    – miken32
    Nov 22 at 14:48










  • What version of Wordpress are you running?
    – miken32
    Nov 22 at 14:50










  • I am using the latest version.
    – Henrik Petterson
    Nov 22 at 14:52








1




1




Thank you for the excellent approach, but it is not working. Is there a typo in $where? Here is an example code you can use to test this. I feel the issue is likely a typo as the code itself is very logic!
– Henrik Petterson
Nov 22 at 10:42




Thank you for the excellent approach, but it is not working. Is there a typo in $where? Here is an example code you can use to test this. I feel the issue is likely a typo as the code itself is very logic!
– Henrik Petterson
Nov 22 at 10:42












Removing the $wpdb->real_escape($search_term); part seem to at least allow the code to run. But $string_term = "you're";is still not matching with a post with title you’re.
– Henrik Petterson
Nov 22 at 10:51




Removing the $wpdb->real_escape($search_term); part seem to at least allow the code to run. But $string_term = "you're";is still not matching with a post with title you’re.
– Henrik Petterson
Nov 22 at 10:51












I don’t have a way to test this but I’d suggest printing out $search_term at various points through the code, and doing the same to see what $where looks like.
– miken32
Nov 22 at 14:48




I don’t have a way to test this but I’d suggest printing out $search_term at various points through the code, and doing the same to see what $where looks like.
– miken32
Nov 22 at 14:48












What version of Wordpress are you running?
– miken32
Nov 22 at 14:50




What version of Wordpress are you running?
– miken32
Nov 22 at 14:50












I am using the latest version.
– Henrik Petterson
Nov 22 at 14:52




I am using the latest version.
– Henrik Petterson
Nov 22 at 14:52












up vote
1
down vote













You can use MySQL RLIKE :



$where .= ' AND '. $wpdb->posts .'.post_title RLIKE '.*'. $wpdb->esc_like(str_replace(["’","'"],"['’]", $search_term) ) .'.*' ';





share|improve this answer



















  • 2




    OP already said they can't change the existing data, but use of RLIKE is a good idea; you should edit your post to make your code more readable and it should get some upvotes.
    – miken32
    Nov 21 at 18:00















up vote
1
down vote













You can use MySQL RLIKE :



$where .= ' AND '. $wpdb->posts .'.post_title RLIKE '.*'. $wpdb->esc_like(str_replace(["’","'"],"['’]", $search_term) ) .'.*' ';





share|improve this answer



















  • 2




    OP already said they can't change the existing data, but use of RLIKE is a good idea; you should edit your post to make your code more readable and it should get some upvotes.
    – miken32
    Nov 21 at 18:00













up vote
1
down vote










up vote
1
down vote









You can use MySQL RLIKE :



$where .= ' AND '. $wpdb->posts .'.post_title RLIKE '.*'. $wpdb->esc_like(str_replace(["’","'"],"['’]", $search_term) ) .'.*' ';





share|improve this answer














You can use MySQL RLIKE :



$where .= ' AND '. $wpdb->posts .'.post_title RLIKE '.*'. $wpdb->esc_like(str_replace(["’","'"],"['’]", $search_term) ) .'.*' ';






share|improve this answer














share|improve this answer



share|improve this answer








edited Nov 22 at 16:17









miken32

23k84671




23k84671










answered Nov 21 at 15:14









Khazul

1566




1566








  • 2




    OP already said they can't change the existing data, but use of RLIKE is a good idea; you should edit your post to make your code more readable and it should get some upvotes.
    – miken32
    Nov 21 at 18:00














  • 2




    OP already said they can't change the existing data, but use of RLIKE is a good idea; you should edit your post to make your code more readable and it should get some upvotes.
    – miken32
    Nov 21 at 18:00








2




2




OP already said they can't change the existing data, but use of RLIKE is a good idea; you should edit your post to make your code more readable and it should get some upvotes.
– miken32
Nov 21 at 18:00




OP already said they can't change the existing data, but use of RLIKE is a good idea; you should edit your post to make your code more readable and it should get some upvotes.
– miken32
Nov 21 at 18:00










up vote
0
down vote













I would be using twice a LIKE statement, one with the original search term, the second one with a replacement of the ' by



You can use parameterized queries. In example, using wpdb::prepare() :



$searchTerm = "You're"; //Don't sanitize using a function, this will by done with parameters.
// query
$where .= ' AND ('. $wpdb->posts .'.post_title LIKE %s OR '. $wpdb->posts .'.post_title LIKE %s)'; //Notice the double %s
//I suppose $where contains your whole query
$sth = $wpdb->prepare($where, '%' . $searchTerm . '%', '%' . str_replace('’', ''', $search_term) . '%'); //This will associate the %s (a string) in the query by the value indicated in the function
$wpdb->query($sth);


The %s is a placeholder in the query to indicate to $wpdb->prepare() that there will be a string at this place.






share|improve this answer



















  • 1




    Thanks but can you kindly edit your answer with examples of how to adjust my specific code with your approach?
    – Henrik Petterson
    Nov 21 at 14:55






  • 1




    Sure, wait a moment
    – Cid
    Nov 21 at 14:56






  • 1




    @Cid FYI, the OP is using WordPress wpdb....
    – Gary Woods
    Nov 21 at 14:57






  • 1




    @GaryWoods thank you, I adapted my answer to this situation
    – Cid
    Nov 21 at 15:07






  • 1




    Yeah using prepared statements is always the best approach, but Wordpress makes this very difficult to do. The function in the original question is applied dynamically by WP when there's a search query involved, so the actual execution is handled elsewhere.
    – miken32
    Nov 21 at 17:49















up vote
0
down vote













I would be using twice a LIKE statement, one with the original search term, the second one with a replacement of the ' by



You can use parameterized queries. In example, using wpdb::prepare() :



$searchTerm = "You're"; //Don't sanitize using a function, this will by done with parameters.
// query
$where .= ' AND ('. $wpdb->posts .'.post_title LIKE %s OR '. $wpdb->posts .'.post_title LIKE %s)'; //Notice the double %s
//I suppose $where contains your whole query
$sth = $wpdb->prepare($where, '%' . $searchTerm . '%', '%' . str_replace('’', ''', $search_term) . '%'); //This will associate the %s (a string) in the query by the value indicated in the function
$wpdb->query($sth);


The %s is a placeholder in the query to indicate to $wpdb->prepare() that there will be a string at this place.






share|improve this answer



















  • 1




    Thanks but can you kindly edit your answer with examples of how to adjust my specific code with your approach?
    – Henrik Petterson
    Nov 21 at 14:55






  • 1




    Sure, wait a moment
    – Cid
    Nov 21 at 14:56






  • 1




    @Cid FYI, the OP is using WordPress wpdb....
    – Gary Woods
    Nov 21 at 14:57






  • 1




    @GaryWoods thank you, I adapted my answer to this situation
    – Cid
    Nov 21 at 15:07






  • 1




    Yeah using prepared statements is always the best approach, but Wordpress makes this very difficult to do. The function in the original question is applied dynamically by WP when there's a search query involved, so the actual execution is handled elsewhere.
    – miken32
    Nov 21 at 17:49













up vote
0
down vote










up vote
0
down vote









I would be using twice a LIKE statement, one with the original search term, the second one with a replacement of the ' by



You can use parameterized queries. In example, using wpdb::prepare() :



$searchTerm = "You're"; //Don't sanitize using a function, this will by done with parameters.
// query
$where .= ' AND ('. $wpdb->posts .'.post_title LIKE %s OR '. $wpdb->posts .'.post_title LIKE %s)'; //Notice the double %s
//I suppose $where contains your whole query
$sth = $wpdb->prepare($where, '%' . $searchTerm . '%', '%' . str_replace('’', ''', $search_term) . '%'); //This will associate the %s (a string) in the query by the value indicated in the function
$wpdb->query($sth);


The %s is a placeholder in the query to indicate to $wpdb->prepare() that there will be a string at this place.






share|improve this answer














I would be using twice a LIKE statement, one with the original search term, the second one with a replacement of the ' by



You can use parameterized queries. In example, using wpdb::prepare() :



$searchTerm = "You're"; //Don't sanitize using a function, this will by done with parameters.
// query
$where .= ' AND ('. $wpdb->posts .'.post_title LIKE %s OR '. $wpdb->posts .'.post_title LIKE %s)'; //Notice the double %s
//I suppose $where contains your whole query
$sth = $wpdb->prepare($where, '%' . $searchTerm . '%', '%' . str_replace('’', ''', $search_term) . '%'); //This will associate the %s (a string) in the query by the value indicated in the function
$wpdb->query($sth);


The %s is a placeholder in the query to indicate to $wpdb->prepare() that there will be a string at this place.







share|improve this answer














share|improve this answer



share|improve this answer








edited Nov 21 at 15:19

























answered Nov 21 at 14:53









Cid

3,02921025




3,02921025








  • 1




    Thanks but can you kindly edit your answer with examples of how to adjust my specific code with your approach?
    – Henrik Petterson
    Nov 21 at 14:55






  • 1




    Sure, wait a moment
    – Cid
    Nov 21 at 14:56






  • 1




    @Cid FYI, the OP is using WordPress wpdb....
    – Gary Woods
    Nov 21 at 14:57






  • 1




    @GaryWoods thank you, I adapted my answer to this situation
    – Cid
    Nov 21 at 15:07






  • 1




    Yeah using prepared statements is always the best approach, but Wordpress makes this very difficult to do. The function in the original question is applied dynamically by WP when there's a search query involved, so the actual execution is handled elsewhere.
    – miken32
    Nov 21 at 17:49














  • 1




    Thanks but can you kindly edit your answer with examples of how to adjust my specific code with your approach?
    – Henrik Petterson
    Nov 21 at 14:55






  • 1




    Sure, wait a moment
    – Cid
    Nov 21 at 14:56






  • 1




    @Cid FYI, the OP is using WordPress wpdb....
    – Gary Woods
    Nov 21 at 14:57






  • 1




    @GaryWoods thank you, I adapted my answer to this situation
    – Cid
    Nov 21 at 15:07






  • 1




    Yeah using prepared statements is always the best approach, but Wordpress makes this very difficult to do. The function in the original question is applied dynamically by WP when there's a search query involved, so the actual execution is handled elsewhere.
    – miken32
    Nov 21 at 17:49








1




1




Thanks but can you kindly edit your answer with examples of how to adjust my specific code with your approach?
– Henrik Petterson
Nov 21 at 14:55




Thanks but can you kindly edit your answer with examples of how to adjust my specific code with your approach?
– Henrik Petterson
Nov 21 at 14:55




1




1




Sure, wait a moment
– Cid
Nov 21 at 14:56




Sure, wait a moment
– Cid
Nov 21 at 14:56




1




1




@Cid FYI, the OP is using WordPress wpdb....
– Gary Woods
Nov 21 at 14:57




@Cid FYI, the OP is using WordPress wpdb....
– Gary Woods
Nov 21 at 14:57




1




1




@GaryWoods thank you, I adapted my answer to this situation
– Cid
Nov 21 at 15:07




@GaryWoods thank you, I adapted my answer to this situation
– Cid
Nov 21 at 15:07




1




1




Yeah using prepared statements is always the best approach, but Wordpress makes this very difficult to do. The function in the original question is applied dynamically by WP when there's a search query involved, so the actual execution is handled elsewhere.
– miken32
Nov 21 at 17:49




Yeah using prepared statements is always the best approach, but Wordpress makes this very difficult to do. The function in the original question is applied dynamically by WP when there's a search query involved, so the actual execution is handled elsewhere.
– miken32
Nov 21 at 17:49


















draft saved

draft discarded




















































Thanks for contributing an answer to Stack Overflow!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.





Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


Please pay close attention to the following guidance:


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53414546%2fmatching-curly-quotes-against-standard-quotes-in-db-query%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

What visual should I use to simply compare current year value vs last year in Power BI desktop

How to ignore python UserWarning in pytest?

Alexandru Averescu