SQL Query giving an error

[Akriti Anand]

So I am trying to query the database to give me the title from module table.
$var = $data['title'];
$db = $this->getDbo();
$query = $db->getQuery(true);
$query
->select($db->quoteName('title'))
->from($db->quoteName('#__modules'))
->where($db->quoteName('title'). ' LIKE '. $var;
$db->setQuery($query);
$db->execute();

Where $var is the module title that is present in the title column of module table.

But I am getting this error: Save failed with the following error: SQLSTATE[42000]: Syntax error or access violation: 1305 FUNCTION joomla.<title> does not exist.

<title> exists in the title field. Why is it treating like some function? I don't understand where I am going wrong.

Help would be appreciated. Thank you :)

[Akriti Anand]

So I was giving <title> as Search (1) which it was considering as a function. Now I removed (1) to make $var = 'Breadcrumbs'. It now throws error: SQLSTATE[42S22]: Column not found: 1054 Unknown column 'Breadcrumbs' in 'where clause'.

It seems I am still stuck :/

[Viper]

Escape $var with single quote.

->where($db->quoteName('title') . " LIKE '" . $var . "'");

[SniperSister]

Better use $db->quote($var) as quote by default also escapes the value which prevents SQLi attacks if $var is user-supplied input.

[Todor Iliev]

You have to escape and put $var in quotes with $db->quote();
Here you are an example.

$db    = $this->getDbo();

$escaped = $db->escape($data['title'], true);
$quoted  = $db->quote('%' . $escaped . '%', false);

$query = $db->getQuery(true);
$query

    ->select('a.title')
    ->from($db->quoteName('#__modules', 'a'))
    ->where('a.title LIKE '. $quoted);

$db->setQuery($query);
$db->execute();

[Akriti Anand]

So I followed this. Now there is a new error: Save failed with the following error: 00000, ,

[Viper]

echo $query;