phranque - 1:52 pm on Sep 11, 2012 (gmt 0)
welcome to WebmasterWorld, Runaard!
ideally you would have canonicalized the format of all phone numbers as part of cleansing and validating all user input values before inserting into your database.
you should read about SQL injection and test your forms to see if your application accepts malicious input.
in your situation i would use a regular expression in the where clause of the sql query.