$test = sprintf("SELECT * FROM `table` WHERE `text` LIKE '%%s%'", mysql_real_escape_string('test'));

echo $test;

output:

SELECT * FROM `table` WHERE `text` LIKE '%s

but it should output:

SELECT * FROM `table` WHERE `text` LIKE '%test%'

... LIKE '%%%s%%'", mysql_real_escape_string('test'));

To print the % character you need to escape it with itself. Therefore the first two %% will print the % character, while the third one is for the type specifier %s. You need a double %% at the end as well.

Try:

$test = sprintf("SELECT * FROM `table` WHERE `text` LIKE '%%%s%%'", mysql_real_escape_string('test'));

In sprintf, if you want to get a % sign, you have to insert %%. So it's %% for the first wildcard %, %s for the string itself and %% for the last wildcard %.

You need to escape the percent signs with a percent sign %%.

$test = sprintf("SELECT * FROM `table` WHERE `text` LIKE '%%%s%%'", mysql_real_escape_string('test'));

echo $test;

You’re jumbling contexts. For consistency, put the things that aren't inside the SQL single quotes outside of the sprintf() format string:

$test = sprintf(
          "SELECT * FROM `table` WHERE"
            . "`xt` LIKE '%s'",
          "%" . mysql_real_escape_string("test") . "%"
        );

$test = "SELECT * FROM `table` WHERE `text` LIKE '%s%'" . mysql_real_escape_string('test');

echo $test;