Thanks to the post quoted below, I've realized why my SQL statement shows an error where phpMyAdmin is working fine.
My SQL:
Code:
SELECT * FROM tl_js_jobs AS jobs, tl_js_customer AS cust WHERE jobs.customerID=cust.id AND jobs.jobID LIKE '%cd%' ORDER BY jobs.jobID
From the statement mentioned below
Code:
UPDATE tl_school_schools %s WHERE id=?
it is understandable that Typolight is using the % and ? symbols. I tried making it a double %% and it is working for me:
Code:
SELECT * FROM tl_js_jobs AS jobs, tl_js_customer AS cust WHERE jobs.customerID=cust.id AND jobs.jobID LIKE '%%cd%%' ORDER BY jobs.jobID

Message #58320
acenes

Caution:
The way you directly use $_POST variables in the SQL statement makes your site vulnerable to SQL injection.

You should use the Input class to fetch the variables and the escape function of the database classes to insert the vars.

Either:

php:

$this->Database
    ->prepare(
        "UPDATE tl_school_schools".
        " SET school_desc=?, website=?, city=?, ....." .
        " WHERE id=?"
    )
    ->execute(
        $this->Input->post('school_desc'),
        $this->Input->post('website'),
        $this->Input->post('city'),
        .....
        $this->Input->post('schoolkey')
    );


Or:

php:

$this->Database
    ->prepare("UPDATE tl_school_schools %s WHERE id=?")
    ->set(
        array(
            'school_desc' => $this->Input->post('school_desc'),
            'website' => $this->Input->post('website'),
            'city' => $this->Input->post('city'),
            .....
        )
    )
    ->execute($this->Input->post('schoolkey'));


Now you also see why you have issues with the question mark: It is used as a variable placeholder.
Peter - "May the TYPOlight shine on you"
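
The LIKE search from the first post with the whole pattern bound as a parameter, so that only `?` appears in the SQL text and the `%` wildcards travel inside the bound value. This is an added example, not code from either poster or from Typolight: it uses PHP's PDO with an in-memory SQLite database as a stand-in for the Typolight Database class, and the `name` column, the sample rows and the helpers `likeContains` and `searchJobs` are assumptions made for illustration.

```php
<?php
// Added example: PDO + in-memory SQLite stand in for Typolight's Database class.
// Table names and jobID/customerID/id come from the thread; the "name" column
// and all rows are constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE tl_js_customer (id INTEGER PRIMARY KEY, name TEXT)");
$pdo->exec("CREATE TABLE tl_js_jobs (jobID TEXT, customerID INTEGER)");
$pdo->exec("INSERT INTO tl_js_customer VALUES (1, 'Alpha'), (2, 'Beta')");
$pdo->exec("INSERT INTO tl_js_jobs VALUES ('cd-100', 1), ('cd_200', 2), ('dvd-300', 1)");

// Hypothetical helper: build a "contains" pattern and escape the LIKE
// wildcards in user input, so "%" and "_" typed by the user match literally.
// "!" is the escape character declared in the query's ESCAPE clause.
function likeContains(string $term): string
{
    return '%' . strtr($term, ['!' => '!!', '%' => '!%', '_' => '!_']) . '%';
}

// Hypothetical helper: the join from the first post, with the pattern bound.
function searchJobs(PDO $pdo, string $term): array
{
    // No "%" and no user input in the SQL string: the statement text is
    // constant and the search term is sent only as a bound value.
    $stmt = $pdo->prepare(
        "SELECT jobs.jobID"
        . " FROM tl_js_jobs AS jobs, tl_js_customer AS cust"
        . " WHERE jobs.customerID = cust.id"
        . " AND jobs.jobID LIKE ? ESCAPE '!'"
        . " ORDER BY jobs.jobID"
    );
    $stmt->execute([likeContains($term)]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN, 0);
}

// Plain substring search, as in the original query.
print_r(searchJobs($pdo, 'cd'));

// The underscore in the term is escaped, so it is not a single-character wildcard.
print_r(searchJobs($pdo, 'cd_'));

// Quote characters in the term are bound as data and cannot end the string literal.
print_r(searchJobs($pdo, "cd' --"));
```

With the Database class shown in the post above, the same idea is to put `LIKE ?` in the `prepare()` string and pass the finished pattern to `execute()`.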