momo
Reputation: 3935
PHP PDO MySQL LIKE and prepared statements
Assume $search is a string from user input, and $db is a valid PDO reference.
From what I understand, the following block is preferred and should work:
$imageStatement = $db->prepare("SELECT
images.whatever
FROM images
WHERE images.title LIKE :titleSearch OR images.description LIKE :descriptionSearch");
$imageStatement->bindValue(':titleSearch', "%{$search}%");
$imageStatement->bindValue(':descriptionSearch', "%{$search}%");
$images = $imageStatement->fetchAll();
It gives back 0 results, while the following gives back the expected returns:
$search = $db->quote("%{$search}%");
$images = $db->query("SELECT
images.whatever
FROM images
WHERE images.title LIKE {$search} OR images.description LIKE {$search}")->fetchAll();
What am I doing wrong?
Upvotes: 1
Views: 1532
Answers (1)
Kyle
Reputation: 4449
You never executed your PDO statement. After binding your parameters, call execute before retrieving your results.
$imageStatement->bindValue(':titleSearch', "%{$search}%");
$imageStatement->bindValue(':descriptionSearch', "%{$search}%");
$imageStatement->execute(); //ADD THIS STATEMENT
$images = $imageStatement->fetchAll();
PDO's query function does not require you to call execute, because it is not a parameterized query.
Upvotes: 7
Related Questions
- PHP prepared statements with LIKE
- How to use prepare for query having LIKE clause
- Multiple LIKE in PDO query
- PHP PDO prepared statement -- MySQL LIKE query
- Using LIKE with prepared statement
- PDO MySQL and php like statement
- PHP - PDO using the LIKE statement
- LIKE query in PDO not working
- Correct syntax for PDO LIKE statement
- PHP PDO LIKE statement unsuccessful