Possible Duplicate:
How do I create a PDO parameterized query with a LIKE statement in PHP?
PHP PDO prepared statement — mysql LIKE query
I’m trying to make a search engine for my website, and right now I’m just trying to make sure the connection is all and well. Here is my code thus far:
EDITED CODE (Still doesn’t work, but here’s where I’m at with the suggestions thus far):
$db = new PDO("mysql:host=".DB_SERVER.";dbname=".DB_NAME, DB_USER, DB_PASS);
$stmt = $db->prepare("SELECT * FROM table_1 WHERE name LIKE ? ORDER BY bid DESC");
$stmt->bindParam(1, "%{$_GET['s']}%", PDO::PARAM_STR);
$stmt->execute();
$rows = $stmt->fetchAll();
I tried to see if the different methods of execute would do anything, but regardless of which way above I write it, I get the same result, nothing. I want the % wildcard in there so it does it’ll search anywhere in name. On that note, am I using it correctly? The thing that confuses me most is when I type in the exact same query into PHPMyAdmin, the query runs through fine, so my guess is that I’m screwing up the PDO somewhere.
EDIT: PHPMyAdmin Query:
SELECT *
FROM table_1
WHERE name LIKE ‘%Test%’
ORDER BY bid DESC
LIMIT 0 , 30
This returns 1 result, as it is expected to. What is different about my code and this query? :/
I don’t really understand what your question is, but I’m guessing you don’t know how to add the
%? If so, try this:A little explanation:
PDO will quote and escape the parameter
?appropriately. This means, that if you are bindinghello, PDO will substitute?with'hello'(note the quotes). Therefore, in order to have the%inside the quotes, you will have to add them to what is binded, in this case$_GET['s'].