Skip to main content

How do I create a PDO parameterized query with a LIKE statement in PHP?



Here's my attempt at it:







$query = $database->prepare('SELECT * FROM table WHERE column LIKE "?%"');

$query->execute(array('value'));

while ($results = $query->fetch())

{

echo $results['column'];

}







Source: Tips4all

Comments

  1. Figured it out right after I posted:

    $query = $database->prepare('SELECT * FROM table WHERE column LIKE ?');
    $query->execute(array('value%'));
    while ($results = $query->fetch())
    {
    echo $results['column'];
    }

    ReplyDelete
  2. To use Like with % partial matching you can also do this: column like concat('%', :something, '%') (in other words, using explicitly unescaped % signs that are definitely not user input) with the named parameter :something.

    @bobince mentions here that:


    The
    difficulty
    comes when you want to allow a literal % or _ character in the
    search string, without having it act as a wildcard.


    So that's something else to watch out for when combining like and parameterization.

    ReplyDelete

Post a Comment

Popular posts from this blog

Why is this Javascript much *slower* than its jQuery equivalent?

I have a HTML list of about 500 items and a "filter" box above it. I started by using jQuery to filter the list when I typed a letter (timing code added later): $('#filter').keyup( function() { var jqStart = (new Date).getTime(); var search = $(this).val().toLowerCase(); var $list = $('ul.ablist > li'); $list.each( function() { if ( $(this).text().toLowerCase().indexOf(search) === -1 ) $(this).hide(); else $(this).show(); } ); console.log('Time: ' + ((new Date).getTime() - jqStart)); } ); However, there was a couple of seconds delay after typing each letter (particularly the first letter). So I thought it may be slightly quicker if I used plain Javascript (I read recently that jQuery's each function is particularly slow). Here's my JS equivalent: document.getElementById('filter').addEventListener( 'keyup', function () { var jsStart = (new Date).getTime()...

Is it possible to have IF statement in an Echo statement in PHP

Thanks in advance. I did look at the other questions/answers that were similar and didn't find exactly what I was looking for. I'm trying to do this, am I on the right path? echo " <div id='tabs-".$match."'> <textarea id='".$match."' name='".$match."'>". if ($COLUMN_NAME === $match) { echo $FIELD_WITH_COLUMN_NAME; } else { } ."</textarea> <script type='text/javascript'> CKEDITOR.replace( '".$match."' ); </script> </div>"; I am getting the following error message in the browser: Parse error: syntax error, unexpected T_IF Please let me know if this is the right way to go about nesting an IF statement inside an echo. Thank you.