In this query
select wrd from tablename WHERE wrd LIKE '$partial%'
I'm trying to bind the variable '$partial%' with PDO. Not sure how this works with the % at the end.
Would it be
select wrd from tablename WHERE wrd LIKE ':partial%'
where :partial is bound to $partial="somet"
or would it be
select wrd from tablename WHERE wrd LIKE ':partial'
where :partial is bound to $partial="somet%"
or would it be something entirely different?
$var = "partial%";
$stmt = $dbh->prepare("select wrd from tablename WHERE wrd LIKE :partial");
$stmt->bindParam(":partial", $var);
$stmt->execute(); // or $stmt->execute(array(':partial' => $var)); without
// first calling bindParam()
$rs = $stmt->fetchAll();
Using question mark parameters:
$stmt = $dbh->prepare('select wrd from tablename WHERE wrd LIKE ?');
$stmt->execute(array('partial%'));
$rs = $stmt->fetchAll();
+1 karim's answer covers it. You could also say:
"SELECT wrd FROM tablename WHERE wrd LIKE CONCAT(:partial, '%')"
to do the string joining at the MySQL end, not that there's any particular reason to in this case.
Things get a bit more tricky if the partial wrd you are looking for can itself contain a percent or underscore character (since those have special meaning for the LIKE operator) or a backslash (which MySQL uses as another layer of escaping in the LIKE operator — incorrectly, according to the ANSI SQL standard).
Hopefully that doesn't affect you, but if you do need to get that case right, here's the messy solution:
$stmt= $db->prepare("SELECT wrd FROM tablename WHERE wrd LIKE :term ESCAPE '+'");
$escaped= str_replace(array('+', '%', '_'), array('++', '+%', '+_'), $var);
$stmt->bindParam(':term', $escaped);