If you use PDO bindParam to do a search with a LIKE condition, you cannot put the percent signs and quotes around the parameter placeholder, as in '%:keyword%'. A placeholder inside a quoted string literal is treated as literal text, not as a parameter.
This is WRONG:
"SELECT * FROM `users` WHERE `firstname` LIKE '%:keyword%'";
The CORRECT solution is to leave the placeholder clean, like this:
"SELECT * FROM `users` WHERE `firstname` LIKE :keyword";
And then add the percent signs to the PHP variable where you store the keyword:
$keyword = "%".$keyword."%";
Finally, the quotes will be added automatically by PDO when the query is executed, so you don't have to worry about them.
So the full example would be:
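<?php
// $dbh is assumed to be an already connected PDO instance
// Get the keyword from the query string (empty string if it is missing)
$keyword = $_GET['keyword'] ?? '';
// Prepare the command
$sth = $dbh->prepare('SELECT * FROM `users` WHERE `firstname` LIKE :keyword');
// Put the percent signs on the keyword
$keyword = "%".$keyword."%";
// Bind the parameter
$sth->bindParam(':keyword', $keyword, PDO::PARAM_STR);
// Run the query and fetch the matching rows
$sth->execute();
$rows = $sth->fetchAll(PDO::FETCH_ASSOC);
?>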
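Binding the keyword stops it from changing the SQL, but `%` and `_` typed by the user are still LIKE wildcards inside the bound value. The following is an added example, not part of the original note: it uses an in-memory SQLite database with constructed rows, and the helper names `escapeLike` and `searchFirstname` and the `!` escape character are assumptions chosen for illustration.

```php
<?php
// Constructed sample data in an in-memory SQLite database so the example runs offline.
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE users (firstname TEXT)');
$insert = $dbh->prepare('INSERT INTO users (firstname) VALUES (:name)');
foreach (['Anna', 'Joanne', 'Bob', '100%_sure'] as $name) {
    $insert->execute([':name' => $name]);
}

// Hypothetical helper: neutralise LIKE metacharacters in user input.
// The escape character itself is doubled first so it cannot be smuggled in.
function escapeLike(string $value, string $escape = '!'): string
{
    return str_replace(
        [$escape, '%', '_'],
        [$escape . $escape, $escape . '%', $escape . '_'],
        $value
    );
}

// Hypothetical helper: "contains" search with a clean placeholder, as in the note.
function searchFirstname(PDO $dbh, string $keyword, bool $escapeWildcards): array
{
    if ($escapeWildcards) {
        $keyword = escapeLike($keyword);
    }
    // ESCAPE tells the database which character marks a literal % or _.
    $sth = $dbh->prepare(
        "SELECT firstname FROM users WHERE firstname LIKE :keyword ESCAPE '!'"
    );
    // The surrounding wildcards are added in PHP, never inside the SQL string.
    $pattern = '%' . $keyword . '%';
    $sth->bindParam(':keyword', $pattern, PDO::PARAM_STR);
    $sth->execute();
    return $sth->fetchAll(PDO::FETCH_COLUMN);
}

// Ordinary keyword: behaves the same with or without escaping.
print_r(searchFirstname($dbh, 'ann', true));
// Unescaped: a '%' supplied by the user is still a wildcard.
print_r(searchFirstname($dbh, '%', false));
// Escaped: the same input is matched as a literal percent sign.
print_r(searchFirstname($dbh, '%', true));
?>
```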