PHP Binding a Wildcard

PHP PDO & SQL Search wildcard bind parameters

Try this example and check where you are wrong.

// Get the keyword from query string
$keyword = $_GET['keyword'];
// Prepare the command
$sth = $dbh->prepare('SELECT * FROM `users` WHERE `firstname` LIKE :keyword');
// Put the percent signs around the keyword
$keyword = "%".$keyword."%";
// Bind the parameter
$sth->bindParam(':keyword', $keyword, PDO::PARAM_STR);
// Run the query
$sth->execute();

mySqli Bind Parameter LIKE with Wildcard

// Wrap the search term in wildcards and bind it like any other value
$searchStr = '%oracle%';
$sql = 'SELECT bookTitle, bookPrice FROM nbc_book WHERE catID LIKE ? AND bookTitle LIKE ? AND bookPrice < ?';
$stmt = mysqli_prepare($con, $sql);
// "ssi": catID pattern (string), title pattern (string), price limit (integer)
mysqli_stmt_bind_param($stmt, "ssi", $selected, $searchStr, $price);
mysqli_stmt_execute($stmt);
mysqli_stmt_bind_result($stmt, $bookTitle, $bookPrice);
while ($stmt->fetch()) {
    echo $bookTitle;
}

Implement LIKE in PHP prepared Statements with % wildcards

I want to thank everyone for their help with this. ArtisticPhoenix got me headed in the right direction.

This post hit the mark of what I was looking for to bring it all together:

Adding a wildcard character to a string in PHP

Here's the "slightly" updated code:

$search = $_POST['search'].'%';

//echo($search);

$stmt = $link->prepare("SELECT lname, fname FROM planner WHERE lname LIKE ?");
$stmt->bind_param('s', $search);
$stmt->execute();
$result = $stmt->get_result();

if ($result->num_rows > 0) {
    echo "<table><tr><th>Last Name</th><th>First Name</th></tr>";
    while ($row = $result->fetch_assoc()) {
        // Encode database values before writing them into HTML
        echo "<tr><td>".htmlspecialchars($row["lname"])."</td><td>".htmlspecialchars($row["fname"])."</td></tr>";
    }
    echo "</table>";
} else {
    echo "0 results";
}

How to properly use Wildcard with CONCAT

The problem is not in LIKE, but in PHP and PDO. Stare at the 3 conflicting uses of $row in your code:

$row = $query->fetch(PDO::FETCH_ASSOC);
while ($row = $query->fetchObject()) {
echo "<div> $row->EventCategory </div>"; }

Then review the documentation and examples. (Sorry, I'm not going to feed you the answer; you need to study to understand it.)

pdo prepared statements with wildcards

It can work with bind param too, in the following way:

$name = "%$name%";
$query = $dbh->prepare("SELECT * FROM `gc_users` WHERE `name` like :name");
$query->bindParam(':name', $name);
$query->execute();

Set PHP variable to MySQL wildcard '%'

Using Wildcards in Prepared Statements With PDO

When using a wildcard in MySQL you must use the LIKE operator. It is correct to bind the wildcard with parameters in PDO.

You would prepare your statement like so.

$get_recipes = $con->prepare ("SELECT * FROM recipes WHERE tags LIKE ?");

And then you would bind your parameter using the % character, like so.

 $get_recipes->execute(array('%'));

While that is the correct way to use a wildcard in the way you've proposed, that is not the correct solution to do what you're trying to do.

How to achieve what you're trying to achieve

In your code it looks like you want to select all rows if $_POST['tags'] is not set, and if it is set you want to select all rows that have the tags column set to the value of $_POST['tags']. To do this, you would want to prepare your statement inside the conditional, like so.

if (!isset($_GET['tag'])) {
    $get_recipes = $con->prepare ("SELECT * FROM recipes");
    $get_recipes->execute();
} else {
    $get_recipes = $con->prepare ("SELECT * FROM recipes WHERE tags = ?");
    $get_recipes->execute(array($_GET['tag']));
}

$recipes = $get_recipes->fetchAll();

Using wildcards in prepared statement

You have to pass parameters to bind_param() by reference, which means you have to pass a single variable (not a concatenated string). There's no reason you can't construct such a variable specifically to pass in, though:

$className = '%' . $this->className . '%';
$query->bind_param('s', $className);

Route model binding with multiple wildcards

You may want to explore the docs a bit in regard to explicit route model binding and customizing the resolution logic to get some ideas.

https://laravel.com/docs/8.x/routing#customizing-the-resolution-logic

The following is untested and I'm making some guesses about your table structures, but I think this should give you a basic concept of how you can alter route model binding to fit your needs. The same concept could also be applied to the {subcategory} binding, but with one less relationship check.

App/Providers/RouteServiceProvider.php

// needed at the top of the file, along with your own Category model
use Illuminate\Database\Eloquent\ModelNotFoundException;
use Illuminate\Support\Facades\Route;

public function boot()
{
    // ...default code...

    // add custom resolution for binding 'subsubcategory'
    Route::bind('subsubcategory', function($slug, $route) {

        // check to see if category exists
        if ($category = Category::where('slug',$route->parameter('category'))->first()) {

            // check to see if subcategory exists under category
            if ($subcategory = $category->subcategories()->where('slug',$route->parameter('subcategory'))->first()) {

                // check to see if subsubcategory exists under subcategory
                if ($subsubcategory = $subcategory->subsubcategories()->where('slug',$slug)->first()) {

                    // success, proper relationship exists
                    return $subsubcategory;
                }
            }
        }

        // fail (404) if we get here
        throw new ModelNotFoundException();
    });
}

I will note, however, that this makes a number of separate database calls. There may be more efficient ways to achieve the same goal through other methods if optimization is a concern.

Mysqli Prepared Statement with % wildcard

You need to bind the complete value, not just a portion of it. This means doing:

$where = "First_Name LIKE ?";

And then binding:

$vals = array('%Mike%');
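
Added example, not taken from any of the answers above: binding `'%' . $input . '%'` keeps the input out of the SQL text, but a `%` or `_` typed by the user still acts as a wildcard inside the pattern. The sketch below escapes those characters and declares the escape character with `ESCAPE`; the `users` rows, the `likeEscape()` and `searchUsers()` helpers and the in-memory SQLite connection are constructed for the demonstration.

```php
<?php
// Added example: constructed data in an in-memory SQLite database
// (needs the pdo_sqlite extension). likeEscape() and searchUsers()
// are illustrative helpers, not part of PDO.

// Escape LIKE metacharacters so the user's text is matched literally.
function likeEscape(string $term, string $esc = '!'): string
{
    // str_replace works through the pairs in order, so the escape
    // character itself is doubled before it is added in front of % and _.
    return str_replace(
        [$esc, '%', '_'],
        [$esc . $esc, $esc . '%', $esc . '_'],
        $term
    );
}

function searchUsers(PDO $dbh, string $keyword, bool $escape = true): array
{
    // The wildcards are ours; anything inside $keyword is data.
    $pattern = '%' . ($escape ? likeEscape($keyword) : $keyword) . '%';
    $sth = $dbh->prepare(
        "SELECT firstname FROM users
         WHERE firstname LIKE :keyword ESCAPE '!'
         ORDER BY firstname"
    );
    $sth->bindValue(':keyword', $pattern, PDO::PARAM_STR);
    $sth->execute();
    return $sth->fetchAll(PDO::FETCH_COLUMN);
}

$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE users (firstname TEXT)');
$ins = $dbh->prepare('INSERT INTO users (firstname) VALUES (?)');
foreach (['Mike', 'Mi_ke', '100%', 'Anna'] as $name) {  // constructed rows
    $ins->execute([$name]);
}

// Compare how many rows each keyword matches with and without escaping.
foreach (['_', '%', 'ik'] as $keyword) {
    printf(
        "%-3s raw: %d row(s), escaped: %d row(s)\n",
        $keyword,
        count(searchUsers($dbh, $keyword, false)),
        count(searchUsers($dbh, $keyword, true))
    );
}
```

The same statement runs unchanged on MySQL, where the escape character defaults to the backslash when no `ESCAPE` clause is given.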

