Adding a wildcard character to a string in PHP

I'm buil开发者_Python百科ding an auto-complete plugin and I need to check all words that start with a certain term, for example, setting $one as follows will detect "list", "listener", "listening", etc.:

$one= "list%";

How do I append a wildcard (%) to my second example to achieve the same result?

$one= $_REQUEST['term'];  // lacks %

After analyzing your riddle, I think this is what you want:

$one = $_REQUEST["term"] . "%";

This appends the % sql placeholder to that search term. (That's what I surmise here.)

This is a pretty interesting method of creating an auto-complete form. In order for this not be a security nightmare consider few things:

SQL Injections:

The best way to protect your website from these types of attacks is to use PDO and prepared queries.

• How to use PDO
• Best way to stop SQL Injection in PHP

Form Validation and Sanitation:

Data from $_GET or $_POST should always be treated with care. You are passing variables from $_GET straight to database. This is very insecure. Imagine if instead of a name you got something like 'Mike;{InsertEvilCode}'.

• What's the best method for sanitizing user input with PHP?
• Is there any kind of sanitation I need for using _GET data?
• POST's validation?

Searching with Wildcards (%):

In general 'Wildcard' searches are pretty slow, so you want to keep the number of Wildcard symbols low.

• SQL Wildcards
• Sql wildcard: performance overhead?