Anyone know how to combine PHP prepared statements with LIKE? i.e.
"SELECT * FROM table WHERE name LIKE %?%";
views:
157answers:
3
+9
A:
The % signs need to go in the variable that you assign to the parameter, instead of in the query.
I don't know if you're using mysqli or PDO, but with PDO it would be something like:
$st = $db->prepare("SELECT * FROM table WHERE name LIKE ?");
$st->execute(array('%'.$test_string.'%'));
Chad Birch
2009-03-19 05:55:29
+2
A:
You can use the concatenation operator of your respective sql database:
# oracle
SELECT * FROM table WHERE name LIKE '%' || :param || '%'
# mysql
SELECT * from table WHERE name LIKE CONCAT('%', :param, '%')
I'm not familar with other databases, but they probably have an equivalent function/operator.
Richard Levasseur
2009-03-19 06:06:57
That won't work with strings. It will throw warnings about non-integers.
St. John Johnson
2009-03-19 15:42:41
He's probably coming from an Oracle background, that's the Oracle concatenation operator, but in MySQL it's the OR operator. In MySQL you'd have to do CONCAT('%', ?, '%')
Chad Birch
2009-03-19 17:47:52
ah, noted! I haven't used mysql in years.
Richard Levasseur
2009-03-20 04:01:04
A:
You could try something like this:
"SELECT * FROM table WHERE name LIKE CONCAT(CONCAT('%',?),'%')"
St. John Johnson
2009-03-19 15:43:13