Using wildcards in prepared statement - MySQLi

Question

Hi! I'm trying to run the following query, and I'm having trouble with the wildcard.

   function getStudents() {
     global $db;
     $users = array();
     $query = $db->prepare("SELECT id, adminRights FROM users WHERE classes LIKE ? && adminRights='student'");
     $query->bind_param('s', '%' . $this->className . '%');
     $query->execute();
     $query->bind_result($uid, $adminRights);
     while ($query->fetch()) {
      if (isset($adminRights[$this->className]) && $adminRights[$this->className] == 'student')
       $users[] = $uid;
     }
     $query->close();
     return $users;
    }

I'm getting an error that states: Cannot pass parameter 2 by reference. The reason I need to use the wildcard is because the column's data contains serialized arrays. I guess, if there's an easier way to handle this, what could I do?

Thanks in advance!

Answer 1

Parameter #2 must be a reference, not a value. Try

$param = '%' . $this->className . '%';
$query->bind_param('s', $param);

Answer 2

You have to pass parameters to bind_param() by reference, which means you have to pass a single variable (not a concatenated string). There's no reason you can't construct such a variable specifically to pass in, though:

$className = '%' . $this->className . '%';
$query->bind_param('s', $className);

Answer 3

It is the same reason that happens in C++. When you pass a value to a function which expects the argument to be a reference, you need a variable ( not temporary ). So first create a variable and then pass it.