PHP PDO & SQL Search wildcard bind parameters
Try this Example : Check where is you are wrong.
// Get the keyword from query string
$keyword = $_GET['keyword'];
// Prepare the command
$sth = $dbh->prepare('SELECT * FROM `users` WHERE `firstname` LIKE :keyword');
// Put the percentage sing on the keyword
$keyword = "%".$keyword."%";
// Bind the parameter
$sth->bindParam(':keyword', $keyword, PDO::PARAM_STR);
mySqli Bind Parameter LIKE with Wildcard
$searchStr = 'oracle';
$sql= 'SELECT bookTitle, bookPrice FROM nbc_book WHERE catID LIKE ? AND bookTitle LIKE "%'.$searchStr.'%" AND bookPrice < ?';
$stmt=mysqli_prepare($con,$sql);
mysqli_stmt_bind_param($stmt,"ssi",$selected,$price);
mysqli_stmt_execute($stmt);
mysqli_stmt_bind_result($stmt, $bookTitle, $bookPrice);
while ($stmt->fetch()) {
echo $bookTitle;
}
Implement LIKE in PHP prepared Statements with % wildcards
I want to thank everyone for their help with this. ArtisticPhoenix got me headed in the right direction.
This post hit the mark of what I was looking for to bring it all together:
Adding a wildcard character to a string in PHP
Here's the "slightly" updated code:
$search = $_POST['search'].'%';
//echo($search);
$stmt = $link->prepare("SELECT lname, fname FROM planner WHERE lname LIKE ?");
$stmt->bind_param('s', $search);
$stmt->execute();
$result = $stmt->get_result();
if ($result->num_rows > 0) {
echo "<table><tr><th>Last Name</th><th>First Name</th></tr>";
while($row = $result->fetch_assoc()) {
echo "<tr><td>".$row["lname"]."</td><td>".$row["fname"]."</td></tr>";
}
echo "</table>";
} else {
echo "0 results";
}
How to properly use Wildcard with CONCAT
The problem is not in LIKE
, but in PHP and PDO. Stare at the 3 conflicting uses of $row
in your code:
$row = $query->fetch(PDO::FETCH_ASSOC);
while ($row = $query->fetchObject()) {
echo "<div> $row->EventCategory </div>"; }
Then review the documentation and examples. (Sorry, I'm not going to feed you the answer; you need to study to understand it.)
pdo prepared statements with wildcards
It can work with bind param too in following way:
$name = "%$name%";
$query = $dbh->prepare("SELECT * FROM `gc_users` WHERE `name` like :name");
$query->bindParam(':name', $name);
$query->execute();
Set PHP variable to MySQL wildcard '%'
Using Wildcards in Prepared Statements With PDO
When using a wildcard in MySQL you must use the LIKE
operator. It is correct to bind the wildcard with parameters in PDO.
You would prepare your statement like so.
$get_recipes = $con->prepare ("SELECT * FROM recipes WHERE tags LIKE ?");
And then you would bind your parameter using the %
character, like so.
$get_recipes->execute(array('%'));
While that is the correct way to use a wildcard in the way you've proposed, that is not the correct solution to do what you're trying to do.
How to achieve what you're trying to achieve
In your code it looks like you want to select all rows if $_POST['tags']
is not set, and if it is set you want to select all rows that have the tags
column set to the value of $_POST['tags']
. To do this, you would want to prepare your statement inside the conditional, like so.
if (!isset($_GET['tag'])) {
$get_recipes = $con->prepare ("SELECT * FROM recipes");
$get_recipes->execute();
} else {
$get_recipes = $con->prepare ("SELECT * FROM recipes WHERE tags = ?");
$get_recipes->execute(array($_GET['tag']));
}
$recipes = $get_recipes->fetchAll();
Using wildcards in prepared statement
You have to pass parameters to bind_param()
by reference, which means you have to pass a single variable (not a concatenated string). There's no reason you can't construct such a variable specifically to pass in, though:
$className = '%' . $this->className . '%';
$query->bind_param('s', $className);
Route model binding with multiple wildcards
You may want to explore the docs a bit in regard to explicit route model binding and customizing the resolution logic to get some ideas.
https://laravel.com/docs/8.x/routing#customizing-the-resolution-logic
The following is untested and I'm making some guesses about your table structures, but I think this should give you a basic concept of how you can alter route model binding to fit your needs. The same concept could also be applied to the {subcategory}
binding, but with one less relationship check.
App/Providers/RouteServiceProvider.php
public function boot()
{
// ...default code...
// add custom resolution for binding 'subsubcategory'
Route::bind('subsubcategory', function($slug, $route) {
// check to see if category exists
if ($category = Category::where('slug',$route->parameter('category'))->first()) {
// check to see if subcategory exists under category
if ($subcategory = $category->subcategories()->where('slug',$route->parameter('subcategory'))->first()) {
// check to see if subsubcategory exists under subcategory
if ($subsubcategory = $subcategory->subsubcategories()->where('slug',$slug)->first()) {
// success, proper relationship exists
return $subsubcategory;
}
}
}
// fail (404) if we get here
throw new ModelNotFoundException();
});
}
I will note, however, that this makes a number of separate database calls. There may be more efficient ways to achieve the same goal through other methods if optimization is a concern.
Mysqli Prepared Statement with % wildcard
You need to bind the complete value, not just a portion of it. This means doing:
$where = "First_Name LIKE ?"
And then binding:
$vals = array('%Mike%');
Related Topics
How to Decode a Base64 String (Gif) into Image in PHP/Html
Use of Undefined Constant Stdin - Assumed 'Stdin' in C:\Wamp\Www\Study\Sayhello.PHP on Line 5
Html2Pdf in PHP - Convert Utilities & Scripts - Examples & Demos
How to Detect If a User Uploaded a File Larger Than Post_Max_Size
How to Curry Method Calls in PHP
What Does an Exclamation Mark Before a Function Really Mean in PHP
How to Merge 3 Images into 1 Image via PHP
Error Tolerant HTML/Xml/Sgml Parsing in PHP
How to Hide PHP File Extension Without Using .Htaccess
Passing and Parse Paypal Ipn Custom Field
Calling a Controller Function in Another Controller in Codeigniter
Move Value in PHP Array to the Beginning of the Array
PHP Upload Image to Remote Server with Curl
Difference(When Being Applied to My Code) Between Int(10) and Int(12)