How do I create a PDO parameterized query with a LIKE statement?
Figured it out right after I posted:
$query = $database->prepare('SELECT * FROM table WHERE column LIKE ?');
$query->execute(array('value%'));
while ($results = $query->fetch())
{
echo $results['column'];
}
implement LIKE query in PDO
You have to include the %
signs in the $params
, not in the query:
$query = "SELECT * FROM tbl WHERE address LIKE ? OR address LIKE ?";
$params = array("%$var1%", "%$var2%");
$stmt = $handle->prepare($query);
$stmt->execute($params);
If you'd look at the generated query in your previous code, you'd see something like SELECT * FROM tbl WHERE address LIKE '%"foo"%' OR address LIKE '%"bar"%'
, because the prepared statement is quoting your values inside of an already quoted string.
How can create parameterized query with AND and Like operator using PDO?
If you've read prepare
manual carefully, you will notice that
The SQL statement can contain zero or more named (:name) or question mark (?) parameter markers for which real values will be substituted when the statement is executed. You cannot use both named and question mark parameter markers within the same SQL statement; pick one or the other parameter style.
So, proper queries are:
$PromotionSts=$this->pdoConnection->prepare("SELECT * FROM `ws_promotion` AS prm LEFT JOIN `ws_pro_cat` AS prmCat ON prm.`pm_id` = prmCat.`pm_id`
WHERE prmCat.`cat_id` = :cat_id AND prm.`pm_title` LIKE :pm_title");
// Both query parameteres are named parameters
$PromotionSts->bindParam(':cat_id', $cat_id);
// variables in single quotes are NOT parsed
$PromotionSts->bindParam(':pm_title', '%' . $pm_title . '%');
// this lines are useless
//$cat_id = $cat_id;
//$pm_title = $pm_title;
$PromotionSts->execute();
Or:
$PromotionSts=$this->pdoConnection->prepare("SELECT * FROM `ws_promotion` AS prm LEFT JOIN `ws_pro_cat` AS prmCat ON prm.`pm_id` = prmCat.`pm_id`
WHERE prmCat.`cat_id` = ? AND prm.`pm_title` LIKE ? ");
// Both query parameteres are ? marks
$PromotionSts->execute(array(3,'%Essa%'));
How to escape 'LIKE' statement in custom PDO query
You need to put the wildcard match characters in the placeholder, not in the query, so instead of doing:
$search = 'find this string';
$db::query("SELECT ... FROM table WHERE col LIKE '%?%' ");
You do:
$search = '%find this string%';
$db::query("SELECT ... FROM table WHERE col LIKE ? ");
Using A PDO Prepared Statement On A Search Form Query - PHP
Alternative 1:
$sql = "SELECT imgp.*, u.id, u.firstname, u.lastname
FROM imageposts AS imgp
INNER JOIN users AS u ON imgp.user_id = u.id
WHERE image_title LIKE CONCAT('%', ?, '%')";
$stmt = $connection->prepare($sql);
$stmt->execute([$searchQuery]);
Alternative 2:
$sql = "SELECT imgp.*, u.id, u.firstname, u.lastname
FROM imageposts AS imgp
INNER JOIN users AS u ON imgp.user_id = u.id
WHERE image_title LIKE ?";
$stmt = $connection->prepare($sql);
$stmt->execute(["%{$searchQuery}%"]);
How to use bindValue with LIKE operator in SQL query?
You probably want :
$query = "SELECT *
FROM books
WHERE title LIKE CONCAT( '%', :title, '%')";
...
...
statement->bindValue(':title', $title, PDO::PARAM_STR);
The bind parameter should be used as a litteral string. CONCAT can be used to concatenate the parameter with percent signs on both ends.
Related Topics
What Is the Use of the @ Symbol in PHP
Allow PHP Sessions to Carry Over to Subdomains
PHP Syntax For Dereferencing Function Result
Sort Multidimensional Array by Multiple Columns
PHP Sessions Across Sub Domains
Mvc For Advanced PHP Developers
What's Better At Freeing Memory With PHP: Unset() or $Var = Null
Replace Urls in Text With HTML Links
MySQL - This Version of MySQL Doesn't Yet Support 'Limit & In/All/Any/Some Subquery
Parse Xml With Namespace Using Simplexml
Accessing @Attribute from Simplexml
PHP Display Image Blob from MySQL
How to Run PHP from Windows Command Line in Wampserver
Redirect All to Index.PHP Using Htaccess
Simplest Two-Way Encryption Using PHP
How to Access PHP Variables in JavaScript or Jquery Rather Than ≪PHP Echo $Variable ≫